OEM Auditing: The Following Operations Are Audited
All operations performed by Enterprise Manager users, such as creating users, granting
privileges, or starting a remote job like patching or cloning, need to be audited to ensure
compliance with the Sarbanes-Oxley Act of 2002 (SAS 70). This act defines standards an
auditor must use to assess the contracted internal controls of a service organization. Auditing an
operation enables an administrator to monitor, detect, and investigate problems and enforce
enterprise-wide security policies.
Irrespective of how the user has logged into Enterprise Manager, when auditing is enabled,
each user action is audited and the audit details are stored in a record.
Enabling Audit
To enable audit for a subset of audited operations, use the following EMCLI verb:

    emcli update_audit_settings
        -audit_switch="ENABLE/DISABLE"
        -operations_to_enable="name of the operations to enable, for all operations use ALL"
        -operations_to_disable="name of the operations to disable, for all operations use ALL"
        -externalization_switch="ENABLE/DISABLE"
        -directory_name="directory_name (DB Directory)"
        -file_prefix="file_prefix"
        -file_size="file_size (Bytes)"
        -data_retention_period="data_retention_period (Days)"

-audit_switch: Enables auditing across Enterprise Manager. The possible values are
ENABLE/DISABLE. Default value is DISABLE.
-operations_to_enable: Enables auditing for specified operations. Enter All to enable all
operations.
-operations_to_disable: Disables auditing for specified operations. Enter All to disable all
operations.
-externalization_switch: Enables the audit data export service. The possible values are
ENABLE/DISABLE. Default value is DISABLE.
-directory: The database directory that is mapped to the OS directory where the export
service archives the audit data files.
-file_prefix: The file prefix to be used by the export service to create the file in which
audit data is to be stored.
-file_size: The size of the file on which the audit data is to be stored. The default value is
5000000 bytes.
-data_retention_period: The period for which the audit data is to be retained inside the
repository. The default value is 365 days.

The externalization service via EMCLI verb update_audit_settings externalizes the audit data
from the Repository to an external file system on a regular basis. Make sure there is enough
space in the directory for the audit log files.
The following example shows that the audit data will be retained in the Repository for 14 days
and once exported the data will be stored in the OS directory that corresponds to database
directory AUDIT with filenames prefixed with gc12_audit, and the file size will be 50M bytes
each:
Achieve separation of duties by restricting the access to the directory where the externalized
audit data is stored. No Enterprise Manager users should have access to the externalized audit
data.
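The two requirements stated for the export directory (enough free space, and no access for anyone but the owning OS account) can be checked before the export service is enabled. The shell function below is an added example, not part of the original page or of Oracle's tooling; the function name, its arguments and the sample path are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the OS directory that backs the database
# directory used by the audit export service. Function name, arguments and
# the sample path in the usage line are assumptions, not Oracle tooling.
#
# Usage: check_audit_dir /u01/audit_export gc12_audit 50000000 20
# Returns 0 when every check passes, 1 on a finding, 2 on a bad argument.
check_audit_dir() {
    dir=$1 prefix=$2 file_size=$3 min_files=$4
    rc=0
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    # Separation of duties: only the owning OS account may enter the
    # directory. Characters 5-10 of the mode string are group and other.
    mode=$(ls -ld "$dir" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FINDING: $dir grants group/other access ($mode)"
        rc=1
    fi

    # Exported files must not be readable or writable by group or other.
    loose=$(find "$dir" -type f -name "${prefix}*" \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
        | wc -l | tr -d ' ')
    if [ "$loose" -gt 0 ]; then
        echo "FINDING: $loose export file(s) open to group or other"
        rc=1
    fi

    # Free space: room for min_files more files of file_size bytes each.
    avail_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    need_kb=$(( file_size * min_files / 1024 ))
    if [ "$avail_kb" -lt "$need_kb" ]; then
        echo "FINDING: ${avail_kb} KB free, ${need_kb} KB needed"
        rc=1
    fi
    return "$rc"
}
```

Run it as the OS account that owns the directory, with the same file prefix and file size that are passed to update_audit_settings.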
Operations List
The following is the list of operations:
....................................
Operation Name
....................................
ADD_AGENT_REGISTRATION_PASSWORD
ADD_CS_TARGET_ASSOC
AGENT_REGISTRATION_PASSWORD_USAGE
AGENT_RESYNC
AG_AUD_CREATE
AG_AUD_DELETE
AG_AUD_MODIFY
APPLY_TEMPLATE
APPLY_UPDATE
ATTACH_MEXT
AUDIT_EXPORT_SETTINGS
AUDIT_SETTINGS
CCS_CREATE_CUSTOM_TARGET_TYPE
CCS_CREATE_MD
CCS_CREATE_PARSER
CCS_DELETE_MD
CCS_DELETE_PARSER
CCS_DEPLOY
CCS_UNDEPLOY
CCS_UPDATE_MD
CHANGE_CONNECTOR_SETTINGS
CHANGE_PASSWORD
CHANGE_PREFERRED_CREDENTIAL
CONFIG_CONNECTOR
CREATE_CCC_RULE
CREATE_CHANGE_MANAGEMENT_SETTING
CREATE_CONNECTOR
CREATE_CREDENTIAL_SET
CREATE_CS
CREATE_CSG
CREATE_FACET
CREATE_FACET_PARAMETER
CREATE_FACET_PATTERN
CREATE_MEXT
CREATE_NAMED_CREDENTIAL
CREATE_ROLE
CREATE_RULE
CREATE_RULE_SET
CREATE_TEMPLATE
CREATE_USER
DB_LOGIN
DB_LOGOUT
DB_RESTART
DB_SHUTDOWN
DB_START
DELETE_AGENT_REGISTRATION_PASSWORD
DELETE_CCC_RULE
DELETE_CONNECTOR
DELETE_CREDENTIAL_SET
DELETE_CS
DELETE_CSG
DELETE_FACET
DELETE_FACET_PARAMETER
DELETE_FACET_PATTERN
DELETE_JOB
DELETE_MEXT
DELETE_NAMED_CREDENTIAL
DELETE_ROLE
DELETE_RULE
DELETE_RULE_SET
DELETE_TARGET
DELETE_TEMPLATE
DELETE_UPDATE
DELETE_USER
DETACH_MEXT
DISABLE_CS_TARGET_ASSOC
DISABLE_RULE
DISABLE_RULE_SET
DOWNLOAD_UPDATE
EDIT_AGENT_REGISTRATION_PASSWORD
EDIT_CS
EDIT_CSG
EDIT_CS_TARGET_ASSOC
EDIT_JOB
EDIT_RULE
EDIT_RULE_SET
EDIT_TEMPLATE
ENABLE_CS_TARGET_ASSOC
ENABLE_RULE
ENABLE_RULE_SET
FILE_TRANSFER
GET_FILE
GET_NAMED_CREDENTIAL
GRANT_JOB_PRIVILEGE
GRANT_PRIVILEGE
GRANT_ROLE
GRANT_SYSTEM_PRIVILEGE
GRANT_TARGET_PRIVILEGE
IMPORT_CCC_RULE
IMPORT_CS
IMPORT_CSG
IMPORT_FACET
IMPORT_RULE
INCLUDE_ACTION_TO_MONITOR
INCLUDE_FILTER_FACET
INCLUDE_MONITORING_FACET
INSERT_UPDATE
JOB_OUTPUT
LOGIN
LOGOUT
MARK_INFO_UPDATE_AS_READ
MODIFY_CCC_RULE
MODIFY_CHANGE_MANAGEMENT_SETTING
MODIFY_FACET
MODIFY_FACET_CONTENT
MODIFY_FACET_PARAMETER
MODIFY_FACET_PATTERN
MODIFY_METRIC_SETTINGS
MODIFY_ROLE
MODIFY_USER
PERFORM_OPERATION_AS_AGENT
PUBLISH_MEXT
PUT_FILE
PUT_FILE_AS_AGENT
REFRESH_UPDATE
REMOTE_OPERATION_JOB
REMOVE_ACTION_FROM_MONITOR
REMOVE_CHANGE_MANAGEMENT_SETTING
REMOVE_CS_TARGET_ASSOC
REMOVE_FILTER_FACET
REMOVE_MONITORING_FACET
REMOVE_PRIVILEGE_DELEGATION_SETTING
REMOVE_UPDATE
REORDER_RULE
REORDER_RULE_SET
REPOSITORY_RESYNC
RESUME_JOB
RES_STATE_CREATE_OP
RES_STATE_DELETE_OP
RES_STATE_MODIFY_OP
RETRY_JOB
REVOKE_JOB_PRIVILEGE
REVOKE_PRIVILEGE
REVOKE_ROLE
REVOKE_SYSTEM_PRIVILEGE
REVOKE_TARGET_PRIVILEGE
SAVE_MONITORING_SETTINGS
SET_PRIVILEGE_DELEGATION_SETTING
STOP_JOB
SUBMIT_JOB
SUBSCRIBE_UPDATE
SUSPEND_JOB
SWLIBADDLOCATION
SWLIBDELETEENTITY
SWLIBDELETEFOLDER
SWLIBDELETELOCATION
SWLIBMOVEENTITY
SWLIBPURGELOCATION
TCAUD_ADD_TEMPLATE_ENTITY
TCAUD_ASSOC_TO_AG
TCAUD_CREATE
TCAUD_DEASSOC_FROM_AG
TCAUD_DELETE
TCAUD_EDIT
TCAUD_REMOVE_TEMPLATE_ENTITY
TCAUD_RENAME
UNSUBSCRIBE_UPDATE
UPDATE_DB_PASSWORD
UPDATE_MEXT
UPDATE_NAMED_CREDENTIAL
UPDATE_PASSWORD
References
http://docs.oracle.com/cd/E24628_01/doc.121/e36415/sec_features.htm#EMSEC12907