Keeping Abreast of Oracle User Login History

Best practices advise that database administrators should never log on to the production database and access sensitive table content that resides across instances unless there is an application maintenance request or other approved business need. If there is a user login with SYS privilege, whether it was a successful or failed logon, you need to be aware of it, because it could be the first sign of privilege abuse or identity theft. You need comprehensive Oracle auditing that includes not only Oracle audit of logon and logoff activity, but tracking of all actions performed within each session, with details about system configuration or privilege changes, data access, data deletions, and more. With such insights at hand, you can take proactive steps to minimize risks to your information privacy and security through users misusing their privileges.

Tracking Oracle logon activity with native tools

You can use native tools to stay on top of successful and failed logon attempts and all logoffs, but you’ll have to use your SQL scripting skills to create specific commands in SQL Developer. Before you execute the scripts, make sure Oracle user login audit is enabled and a log audit trail is being written to a database for later DBA audit, so your script will log all logon attempts in the database audit trail. Then you’ll need to write and execute additional scripts to pull together a report that provides details of the audit sessions, such as username, terminal and timestamp. However, be ready to expend a great deal of time and effort, because the data is in a hard-to-read format and there are no comprehensive reports, so every time you need one from a certain date range, you’ll have to run the script all over again and then export the data into an Excel file for further review. Plus, you’ll have to consider where you are going to securely keep the login history for compliance checks. Are you sure you want to spend your precious time on these tedious and error-prone tasks?

Simplifying login reporting and retaining Oracle Database login history with Netwrix

Although native tools can help you enable audit of logon in Oracle Database, a complete security strategy requires a more efficient and streamlined analysis of what’s going on across your databases from a comprehensive and easy-to-use software solution. Top-to-bottom visibility is required to monitor privileged accounts, ensure that no DBAs use their credentials to log on to databases without a business need, and spot and block insider and outsider threats in their early stages before a breach occurs.

With Netwrix Auditor for Oracle Database, you can:

  • Know when users logged on to production databases so you can verify whether that access was legitimate and choke off privilege abuse faster.
  • Stay on top of changes to database objects, roles and permissions to detect threatening activity faster and strengthen your Oracle Database security.
  • Simplify your reporting processes. Stay informed about logon activity and changes and data access events by subscribing to the reports you need.
  • Investigate suspicious logons or other aberrant activity across your Oracle Database faster with the Google-like interactive search.  
  • Get alerts on critical actions, such as multiple failed logons or unnecessary logons to highly sensitive assets, to minimize the risk of privilege abuse and spot identity theft.
  • Make compliance checks less painful by keeping your Oracle Database login history in a two-tiered (file-based + SQL Server database) storage for over 10 years and having easy access to it any time an auditor knocks at your door.

All Oracle Database Logons report from Netwrix Auditor: Action, Object Type, What, Who and When