Linux-UNIX: Configuring S-TAP interception using Oracle Unified Audit
Use Oracle Unified Auditing (OUA) to capture user activities in Oracle database environments based on Oracle Unified Audit policies. All captured activities are stored in specific tables. Linux S-TAP x86_64 can dynamically load and use Oracle-provided libraries to connect to the configured Oracle services. The S-TAP can then pull data from the unified auditing tables, and send data to Guardium collectors.
Before you begin
With Oracle Unified Auditing, the S-TAP does not need to be on the same server where Oracle Unified Auditing is set up. It can be installed on any Linux x86_64-based server, either the same server (if Oracle is running on a Linux x86_64 platform) or a remote server. If the S-TAP is installed on a remote server, it captures database activities remotely.
- Download Oracle Instant Client rpm from the Oracle website at https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html.
- Install the Oracle Instant Client Basic rpm on the Linux server where you install the S-TAP. For
example:
rpm -ivh oracle-instantclient-basic-21.10.0.0.0-1.el8.x86_64.rpm
- The installation process installs the Oracle libraries and creates the TNS_ADMIN path for Oracle
Instant client. Add tnsnames.ora or ldap.ora files that
contain content for Oracle Database connections that the S-TAP will monitor
under the TNS_ADMIN path. The TNS_ADMIN path might be similar to the following
example:
/usr/lib/oracle/21/client64/lib/network/admin
About this task
Oracle Unified Auditing with an S-TAP has the following requirements:
- Using Guardium® S-TAP with the Oracle Unified Auditing method requires Oracle database 18c and higher.
- Oracle Instant Client must be version 18 or higher.
- Unified auditing must be enabled in any Oracle database instances that you want to monitor by this method.
- The designated user for S-TAP must either be created for Oracle database access or you can use an existing user with sysdba privileges.