System Access Auditing

Audit trails such as log files and audit tables are essential for keeping track of what is happening in the system. They are often required by policies and laws that apply to various enterprises, markets and regions.

Audit logs serve two purposes. One is to keep track of what normal users do using normal functionality, for example "It was user XXX who transferred the money". This type of auditing is useful for detecting questionable actions (such as embezzlement) by users, or just for keeping track of how and why changes in the system are made.

Other audit logs serve to detect suspicious use. For example, it is possible to configure audits which may indicate that a single person is using several user accounts. Another example is to search access and error log files for evidence of attacks against web servers.


History log

IFS History log allows auditing of inserts, updates and deletes of data in IFS tables. It can be configured to create a log entry only if specific columns are updated. It can also be configured to remove audit logs. It is a powerful audit mechanism that is very easy to use.

Oracle auditing

Oracle provides a large set of audit capabilities.

Oracle auditing may be used for the same purpose as the IFS History log if the administrators have an Oracle preference or strategy. The major benefit of Oracle auditing, however, is that it is capable of much more than the IFS History log.

A good trade-off is to use IFS History log for simple audit tasks and Oracle for more complex tasks, such as:

Fine-grained audit

Oracle supports fine-grained auditing, which allows experienced Oracle administrators to create very exact auditing rules. This may be used to create audit rules which are very specific to an enterprise.
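The following is an added example, not taken from the IFS documentation, of what such an exact rule can look like using Oracle's DBMS_FGA package. The schema, table, column and policy names are hypothetical, and the review query assumes the traditional (non-unified) audit trail.

```sql
-- Added example: schema, table, column and policy names are hypothetical.
-- The rule records SELECT and UPDATE statements only when they touch
-- sensitive columns on rows that satisfy a business condition.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema     => 'APP_OWNER',               -- hypothetical schema
    object_name       => 'SUPPLIER_PAYMENT',        -- hypothetical table
    policy_name       => 'FGA_LARGE_PAYMENT',       -- hypothetical policy name
    -- Row filter: audit only rows with large amounts.
    audit_condition   => 'AMOUNT >= 10000',
    -- Column filter: audit only statements that reference these columns.
    audit_column      => 'BANK_ACCOUNT,AMOUNT',
    -- ANY_COLUMNS: a reference to either column is enough to trigger.
    audit_column_opts => DBMS_FGA.ANY_COLUMNS,
    statement_types   => 'SELECT,UPDATE',
    -- Store the records in the database, including SQL text and binds.
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    enable            => TRUE);
END;
/

-- Review what the rule captured: who ran which statement, from where.
SELECT timestamp,
       db_user,
       os_user,
       userhost,
       statement_type,
       sql_text
FROM   dba_fga_audit_trail
WHERE  policy_name = 'FGA_LARGE_PAYMENT'
ORDER  BY timestamp DESC;

-- Remove the rule when it is no longer needed.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'APP_OWNER',
    object_name   => 'SUPPLIER_PAYMENT',
    policy_name   => 'FGA_LARGE_PAYMENT');
END;
/
```

On databases running with unified auditing, the fine-grained audit records are read from UNIFIED_AUDIT_TRAIL instead of DBA_FGA_AUDIT_TRAIL.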

Suspicious use

Oracle audit capabilities can easily be used to detect numerous types of suspicious use including: