10 Configuring and Using Database Response Monitoring

This chapter contains:

See Also:

Oracle Database Firewall Security Guide for information about viewing the traffic log for direct database response monitoring

About Database Response Monitoring

Enabling the Database Response Monitoring feature in the Administration Console allows Oracle Database Firewall to record responses that the protected database makes to login requests, logout requests and SQL statements sent from database clients, as shown in Figure 10-1. This feature allows you to determine whether the database executed logins, logouts and statements successfully, and can provide useful information for audit and forensic purposes.

Figure 10-1 illustrates the process flow of database response monitoring.

Figure 10-1 Database Response Monitoring

Description of Figure 10-1 follows
Description of "Figure 10-1 Database Response Monitoring"

You can view database responses by opening the traffic log in the normal way.

Database Response Monitoring records database responses for all SQL statements, logins and logouts that are logged by the policy, as configured using the Oracle Database Firewall Analyzer (see the Oracle Database Firewall Security Guide).

The information recorded in the traffic log includes the response interpreted by Oracle Database Firewall (such as "statement fail"), the detailed status information from the database, and the database response text (which may be displayed at the database client).

Configuring Database Response Monitoring

This section contains:

Enabling Database Response Monitoring

To enable database response monitoring:

  1. Log in to the Management Server Administration Console.

  2. Select the Monitoring tab.

  3. Click List in the Enforcement Points menu.

  4. Click the Settings button of the enforcement point that is being used to monitor the database.

    The Monitoring Settings page appears.

  5. Select Activate Database Response Monitoring.

    If you also select Full error message annotation, any detailed response text messages generated by the database are also logged.

    Description of image083.gif follows
    Description of the illustration image083.gif

  6. Click Save to save the changes.

Setting Up Login/Logout Policies in the Analyzer

The login and logout policies are stored in the Oracle Database Firewall and must be configured using the Oracle Database Firewall Analyzer software. See the Oracle Database Firewall Security Guide for details.