Let’s suppose that we have activated our database auditing as recommended and put in place a centralized auditing solution so that the audit data can be sent to a remote server and protected (Like in my previous blog post) . Let’s now think like a hacker, can we hide our database activities (or some of it) ?
In this part, we will see one way of sending unified auditing data to a centralized logging solution outside the Oracle Database. We will not be looking at remote SYSLOG as there is many missing information when redirecting audit data to syslog (Missing Audit Infomation In The Unified Audit Trail Records Sent To SYSLOG (Doc ID 2520613.1))
Still for remote syslog auditing we can set the parameter “unified_audit_systemlog= ‘LOCAL5.INFO’”
In addition, add the following entry in “rsyslog.conf” to enabled Reliable Message forwarding (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/s1-working_with_queues_in_rsyslog) :
On the remote audit server just uncomment the lines “$ModLoad imtcp $InputTCPServerRun 514”.
Ok but this is not the purpose of this blog post, here we are going to look at how we can integrate oracle unified audit data with SPLUNK using Splunk DB Connect and the oracle add-on.
Here is a little script to check HugePage usage by instance and the overall usage by all the instances in the server.You may not have enough hugepage configured in the server ,some instance configured to not use huge pages or other applications using them.
As we know from ORACLE 19c Oracle RAC is no longer supported within Standard edition 2. In this blog post, we will take a quick look at one of the alternative to configure high availability: configuring active-passive cluster using Oracle clusterware.
Target platform :
As we say in French “jamais deux sans trois” so this year was my third TALK at POUG !
As usual, this was a great conference! I meet old friends, made new ones and learned new things what else can we ask for 🙂
Also this was a special one because this time I’ve done a Co-Talk with Stefan Koehler and that was just awesome!!!
Tanel Poder have just shared an awesome tool Linux Process Snapper 🙂 Which is as he described “a Linux
/proc profiler that works by sampling Linux task states and other metrics from
/proc/PID/task/TID pseudofiles” . What i like about the tool is the easy of use and also that it allow Off-Cpu analysis (For more info about Off-Cpu analysis please take a look at Brendan Gregg Blog )
So we have seen until now different built-in ways to easily collect diagnostics information on MySQL server at different level (Instance/Thread/Statement) :
- MySQL overall server status report
- MySQL tracing session/thread activity
- MySQL statement level tracing
But what about analyzing database load ? Does MySQL has a build-in way to display Active Session History ?
In my last blog post we have seen how we can easily collect general MySQL status information using the sys.diagnostics() procedure. What about a single session/thread ? Is there built-in way to easily trace a target thread/session activity (ex: transactions/ statements/stage/wait events) like using an oracle SQL trace ?
Has MySQL a built-in way to easily take a look at the overall server status without the need to execute many different custom query or program ? Maybe something similar to an oracle AWR report ?