Oracle RAC User Audits Test
Often, administrators may want to periodically audit user logins to the Oracle cluster server to capture login failures and troubleshoot them. To enable such audits, eG Enterprise offers the Oracle RAC User Audits Test!
This test periodically reports the count of logged in, logged out and failed user sessions on each node of the target cluster.
Pre-Requisites for the test to report metrics
For the eG Enterprise to report metrics for this test, administrators should follow the below-mentioned steps:
-
Execute the following commands from the SQL prompt of the target Oracle cluster server:
audit create session whenever not successful;
audit create session whenever successful;
-
Ensure that DB is set as the value against the Audit_trail parameter. This ensures that the data captured is logged into the DBA_AUDIT_SESSION or DBA_AUDIT_TRAIL tables of the target Oracle cluster server. The eG agent retrieves the data from these tables and reports the metrics for this test.
Target of the test : Oracle RAC
Agent deploying the test : An internal/external agent
Outputs of the test :One set of results for each node in the target Oracle cluster being monitored.
| Parameter | Description |
|---|---|
|
Test period |
How often should the test be executed |
|
Host |
The host for which the test is to be configured. |
|
Port |
The port on which the server is listening. |
|
Service Name |
A ServiceName exists for the entire Oracle RAC system. When clients connect to an Oracle cluster using the ServiceName, then the cluster routes the request to any available database instance in the cluster. By default, the Service Name is set to none. In this case, the test connects to the cluster using the ORASID and pulls out the metrics from that database instance which corresponds to that ORASID. If a valid service name is specified instead, then, the test will connect to the cluster using that Service Name, and will be able to pull out metrics from any available database instance in the cluster. To know the Service Name of a cluster, execute the following query on any node in the target cluster: select name, value from v$parameter where name =’service_names’ |
|
ORASID |
The variable name of the oracle instance. |
|
Username |
In order to monitor an Oracle database server, a special database user account has to be created in every Oracle database instance that requires monitoring. A Click here hyperlink is available in the test configuration page, using which a new oracle database user can be created. Alternatively, you can manually create the special database user. When doing so, ensure that this user is vested with the select_catalog_role and create session privileges. The sample script we recommend for user creation (in Oracle database server versions before 12c) for eG monitoring is: create user oraeg identified by oraeg create role oratest; grant create session to oratest; grant select_catalog_role to oratest; grant oratest to oraeg; The sample script we recommend for user creation (in Oracle database server 12c) for eG monitoring is: alter session set container=<Oracle_service_name>; create user <user_name>identified by <user_password> container=current default tablespace <name_of_default_tablespace> temporary tablespace <name_of_temporary_tablespace>; Grant create session to <user_name>; Grant select_catalog_role to <user_name>; The name of this user has to be specified here. |
|
Password |
Specify the password of the specified database user. |
|
Confirm Password |
Confirm the Password by retyping it here. |
|
SSL |
By default, this flag is set to No, as the target Oracle cluster is not SSL-enabled by default. If the target cluster is SSL-enabled, then set this flag to Yes. |
|
SSL Cipher |
This parameter is applicable only if the target Oracle Cluster is SSL-enabled, if not, set this parameter to none. A cipher suite is a set of cryptographic algorithms that are used before a client application and server exchange information over an SSL/TLS connection. It consist of sets of instructions on how to secure a network through SSL (Secure Sockets Layer) or TLS (Transport Layer Security). In this text box, provide a comma-seperated list of cipher suites that are allowed for SSL/TLS connection to the target cluster. By default, this parameter is set to none. |
|
Truststore File |
This parameter is applicable only if the target Oracle Cluster is SSL-enabled, if not, set this parameter to none. TrustStore is used to store certificates from Certified Authorities (CA) that verify and authenticate the certificate presented by the server in an SSL connection. Therefore, the eG agent should have access to the truststore where the certificates are stored to authenticate and connect with the target cluster and collect metrics. For this, first import the certificates into the following default location <eG_INSTALL_DIR>/lib/security/mytruststore.jks. To know how to import the certificate into the truststore, refer toPre-requisites for monitoring Oracle Cluster. Then, provide the truststore file name in this text box. For example: mytruststore.jks. By default, none is specified against this text box. |
|
Truststore Type |
This parameter is applicable only if the target Oracle Cluster is SSL-enabled, if not, set this parameter to none.Specify the type of truststore that contains the certificates for server authentication in this text box. For eg.,JKS. By default, this parameter is set to the value none. |
|
Truststore Password |
This parameter is applicable only if the target Oracle Cluster is SSL-enabled, if not, set this parameter to none. If a Truststore File name is provided, then, in this text box, provide the password that is used to obtain the associated certificate details from the Truststore File. By default, this parameter is set to none. |
|
DD Row Count |
By default, DD Row Count parameter is set to 10. This means that by default, the detailed diagnosis of this test will only list the top-10 user sessions. If you want to include more or less number of user sessions in detailed diagnosis, then change the value of this parameter accordingly. |
|
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency. |
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
|
Login sessions |
Indicates the number of logged in user sessions on this node during the last measurement period. |
Number |
This measure is a good indicator of load on the target node. |
|
Locked logins |
Indicates the number of user accounts that were locked due to entering incorrect password or username on this node during the last measurement period. |
Number |
If a user unsuccessfully attempts to log into the target database cluster more than the configured number of retry attempts, they are locked out of further access. If a user lockout security event occurs on one node of a cluster, the other nodes in the cluster are notified of the event and the user account is locked on all nodes in the cluster. This feature prevents a hacker from systematically breaking into all the nodes in a cluster. |
|
Logoff sessions |
Indicates the number of user sessions that were logged out from this node during the last measurement period. |
Number |
A high value for this measure is a cause of concern. |
|
Login failed sessions |
Indicates the number of user sessions that failed to login to this node during the last measurement period. |
Number |
A sudden/gradual increase in the value of this measure is a cause of concern. Administrators should investigate the login failures before end users start complaining about the failures too frequently. |
