Trusted Solaris Audit Administration

Using the sequence Token for Debugging

When an audit trail created from merging records from several workstations appears to have the records listed out of order, you can debug the audit trail discrepancies using the sequence token. Since the sequence token is not recorded by default, the security administrator adds it to the audit policy. The audit policy must be set identically on all workstations contributing to the audit trail.

When the audit trail has been debugged, the security administrator removes the token.

To Add the sequence Token to the Audit Record

  1. To add the seq audit policy dynamically, as role secadmin, at label admin_low, on the command line:

    $ auditconfig -setpolicy +seq
    $ auditconfig -getpolicy
    slabel, seq

  2. To add the seq audit policy permanently, as role secadmin at label admin_low, in the audit_startup file:

    #!/bin/sh
    # Policy flags are a comma-separated list with no whitespace;
    # list seq together with the existing slabel policy.
    auditconfig -setpolicy +slabel,seq

To Prevent the sequence Token from Being Part of Audit Records

  1. To remove the seq audit policy dynamically, on the command line, as role secadmin at label admin_low:

    $ auditconfig -setpolicy -seq
    $ auditconfig -getpolicy
    slabel


  2. To remove the seq audit policy from the audit_startup file, as role secadmin at label admin_low:

    #!/bin/sh
    auditconfig -setpolicy +slabel