Oracle Waveset 8.1.1 System Administrator's Guide

Preventing Audit Log Tampering

You can configure Waveset to prevent the following forms of audit log tampering:

All Waveset audit log records have unique, per-server sequence numbers and encrypted hash of records and sequence numbers.

When you create a Tamper Detection Report, it scans the audit logs per server for:

ProcedureTo Configure Tamper-Resistant Logging

  1. Create a tampering report by selecting Reports > New > Audit Log Tampering Report.

  2. When the Define a Tampering Report page displays, as shown in Figure 3–1, enter a title for the report and then Save it.

    Figure 3–1 Configuring an Audit Log Tampering Report

    Example Define a Tampering Report page

    You can also specify the following optional parameters:

    • Report Summary. Enter a descriptive summary of the report.

    • Starting sequence for server ’<server_name>’. Enter the starting sequence number for the server.

    • This option enables you to delete old log entries without having them flagged as tampering and limits the report’s scope for performance reasons.

    • Email Report. Enable to email report results to a specified email address.

    • When you select this option, the page refreshes and prompts you for email addresses. However, keep in mind that email is not safe for text content-sensitive information (such as account IDs or account history) may be exposed.

    • Override default PDF options. Select to override the default PDF options for this report.

    • Organizations. Select organizations that should have access to this report.

  3. Next, select Configure -> Audit to open the Audit Configuration page, as shown in Figure 3–2.

    Figure 3–2 Tamper-Resistant Audit Logging Configuration

    Example Audit Configuration page

  4. Select Use Custom Publisher, and then click on the Repository publisher link.

  5. Select Enable tamper-resistant audit logs, and then click OK.

  6. Click Save to save the settings.

    You can turn this option off again, but unsigned entries will be flagged as such in the Audit Log Tampering Report, and you must reconfigure the report to ignore these entries.