Results 1 to 3 of 3
  1. #1
    Join Date
    Jan 2004
    Posts
    545
    Provided Answers: 4

    Unanswered: Auditing - best practices/tips

    Recently I've begun to read up on auditing in Sybase ASE 15.5.
    So far I've managed to set up auditing and to enable some options. It all works, but I have no idea if I made the right decisions. (I've followed the tutorial in de Sysadm-guide from the Infocenter btw)

    My sybsecuritydb is placed on devices auditdata_01 and auditdata_02, log on auditlog_01. I have 50Mb space reserved for the database, plus a 50Mb audit_archive-db. Using thresholds on the two audit-tables in sybsecurity I rotate between the tables and archive the data to the archive-db.

    Can anyone give me some advice?
    * Should I use smaller/bigger databases?
    * what auditing options are useful for medium level auditing?
    * what reports/queries give me the most useful information?
    I'm not crazy, I'm an aeroplane!

  2. #2
    Join Date
    Nov 2005
    Posts
    5
    As a good practice we should monitor,
    1. create/ alter / Drop login, users, roles etc
    2. Grant / Revoke permission
    3. Login failed attempts
    4. All DDL statements
    5. Alter database, add devices etc

  3. #3
    Join Date
    Jan 2004
    Posts
    545
    Provided Answers: 4
    Thank you Ksangita.
    Do you have any advice on reporting as well? The on demand queries are one thingi, but those are not very useful to report regularly.

    For instance, if there is an unexpected drop database, or create login, or server boot. I assume one wants to be alerted about that sooner than later. Do we run a cronjob every 5 mnutes that checks for certain events?
    I'm not crazy, I'm an aeroplane!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •