Go to main content

Oracle® Advanced Support Gateway for Cloud at Customer Security Guide

Exit Print View

Updated: August 2020

Audit Logging Feature

The Audit Logging Feature of Oracle Advanced Support Gateway provides audit information for three different categories of system events. The three categories are:

  • Outbound Network Connections: The Linux firewall service (iptables) triggers notifications for all outbound network traffic with the exception of traffic to Oracle managed hosts used for monitoring and management (for example, Oracle VPN end points, dts.oracle.com, support.oracle.com).

  • Outbound Login Activity: The Linux auditing service (auditd) triggers notifications for all outbound login attempts initiated from Oracle Advanced Support Gateway. This is done by monitoring usage of the ssh and telnet system binaries. Oracle Advanced Support Gateway sends a message that ssh or telnet has been used, by which user, and when. The destination is not provided. auditd logs contain that information. auditd logs are not directly accessible by the customer on Oracle Advanced Support Gateway.

  • Inbound Oracle Advanced Support Gateway User Login Activity: The Linux auditing service (auditd) triggers notifications each time any of the system logs used for tracking logins is updated. This includes failed logins and successful login attempts. It also triggers a notification each time a user logs in from a remote system. These activities are monitored using auditd and forwarded to the customer's central logging system.

All audit notifications are delivered using standard syslog protocol. A central logging system must be provided to accept and process these messages.

The format of most of these messages is based on auditd. They can be managed using various auditd and related utilities.

The audit logging feature is disabled by default, and must be explicitly enabled through the Oracle Advanced Support Gateway command line interface (CLI). The details of how to configure this feature are explained in the following section:

Initial Login.

  1. Use ssh to connect to Oracle Advanced Support Gateway.

    Use the customer administrator account configured at installation time or any other user with the customer administrator role.

  2. At the first (CLI or CLISH) prompt, enter the password.

  3. At the next prompt enter configure terminal.

  4. At the next prompt enter syslog.

    You are now in the syslog-specific section of the Oracle Advanced Support Gateway CLI where you can configure forwarding.

Available Commands.

To display a list of available commands.
To display a brief explanation of how to enter commands in the CLI.
To display the current configuration.
This produces a display similar to the following:
------------- SyslogBroadcaster Configuration ------------
Message Forward Status = enabled
Host IP Address =
Host Port Number = 514
Host Time Zone = GMT
firewall Message Forward = enabled 
ssh Message Forward = enabled
session Message Forward = enabled
UID/GUID MapICMP Type 0 and 8 = enabled 
forward enable
To enable syslog forwarding.
forward disable
To disable syslog forwarding.
ip <ip address>
To enter the IP address of the remote syslog server (the one receiving the forwarded messages).
You must enter a valid IP address, not a host name.
port <port #>
To change the port used for forwarding syslog messages.
timezone <value>
To set the time zone used in the forwarded syslog messages.
Value must be -12 to +12 which is the offset from GMT.
mapping enable
mapping disable
To convert the uid and guid contained in each message to the corresponding Unix user and group name.