The Audit Logging Feature of Oracle Advanced Support Gateway provides audit information for three different categories of system events. The three categories are:
Outbound Network Connections: The Linux firewall service (iptables) triggers notifications for all outbound network traffic with the exception of traffic to Oracle managed hosts used for monitoring and management (for example, Oracle VPN end points, dts.oracle.com, support.oracle.com).
Outbound Login Activity: The Linux auditing service (auditd) triggers notifications for all outbound login attempts initiated from Oracle Advanced Support Gateway. This is done by monitoring usage of the ssh and telnet system binaries. Oracle Advanced Support Gateway sends a message that ssh or telnet has been used, by which user, and when. The destination is not provided. auditd logs contain that information. auditd logs are not directly accessible by the customer on Oracle Advanced Support Gateway.
Inbound Oracle Advanced Support Gateway User Login Activity: The Linux auditing service (auditd) triggers notifications each time any of the system logs used for tracking logins is updated. This includes failed logins and successful login attempts. It also triggers a notification each time a user logs in from a remote system. These activities are monitored using auditd and forwarded to the customer's central logging system.
All audit notifications are delivered using standard syslog protocol. A central logging system must be provided to accept and process these messages.
The format of most of these messages is based on auditd. They can be managed using various auditd and related utilities.
The audit logging feature is disabled by default, and must be explicitly enabled through the Oracle Advanced Support Gateway command line interface (CLI). The details of how to configure this feature are explained in the following section:
Initial Login.
Use ssh to connect to Oracle Advanced Support Gateway.
Use the customer administrator account configured at installation time or any other user with the customer administrator role.
At the first (CLI or CLISH) prompt, enter the password.
At the next prompt enter configure terminal.
At the next prompt enter syslog.
You are now in the syslog-specific section of the Oracle Advanced Support Gateway CLI where you can configure forwarding.
Available Commands.
|