audit logs in AWS RDS Oracle database

0

I have a requirement to capture config changes in the logs. I tried it and it is not writing to AWS RDS audit logs. example

CREATE USER test IDENTIFIED BY "test123!" default tablespace users temporary tablespace TEMP_DBPRODB profile DEFAULT;

GRANT CONNECT, RESOURCE to test;

alter user test profile SERVICE_ACCOUNT;

it is not getting captured

I tried it on a non AWS RDS Oracle database and the above changes are gettting written to the audit log

here is what I see in the audit log

Tue Jun 13 11:47:53 2023 -04:00 LENGTH : '254' ACTION :[101] 'CREATE USER test IDENTIFIED BY * default tablespace users temporary tablespace TEMP profile DEFAULT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA'

Tue Jun 13 11:48:13 2023 -04:00 LENGTH : '183' ACTION :[31] 'GRANT CONNECT, RESOURCE to test' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA'

Tue Jun 13 11:50:15 2023 -04:00 LENGTH : '191' ACTION :[39] 'alter user test profile SERVICE_ACCOUNT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle'

The parameter setting for this database I see is SQL> show parameter audit_trail NAME TYPE VALUE


audit_trail string DB, EXTENDED

Whereas for AWS RDS database that value is null.

Is that the reason the audit logs is not capturing those changes?

preguntada hace un año1310 visualizaciones
2 Respuestas
0
Respuesta aceptada

The fact that AUDIT_TRAIL is NULL in your RDS instance shows that auditing is not turned on. You need to turn on auditing. Please see the blog and relevant documentation from both AWS and Oracle to get what you want.

profile pictureAWS
EXPERTO
respondido hace un año
profile picture
EXPERTO
revisado hace un año
profile picture
EXPERTO
revisado hace un año
0

Hi there!

You can see Oracle's audit logs in the RDS Console and also publish them to CloudWatch Logs for further analysis and retention. The following documentation page has all the information about it.

I hope this helps.

profile pictureAWS
EXPERTO
respondido hace un año
profile picture
EXPERTO
revisado hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas