Monitoring System_DB Admin activities

[WALI <hkhasgiwale () gmail com>]

On an in-house built,accounting application ( we will call it Tallytree), 
using Oracle 9i as backend DBase, residing over a Windows 2003 server with 
an application interface front end, built using VB.Net.

In this setup, there is an Application Admin ( who writes and manages 
source code for 'Tallytree' working side by side as the primary Application 
Admin getting instructions/requests from the Data Owners to assign Access 
Rights and Controls over various levels of Application modules.

Then there is a database admin common for many other databases using the 
same physical server.
And finally, there is a common System Admin undertaking patch management 
and other high level management duties on the Windows 2003 server itself.

The duties are albeit segregated but I need (as an internal security 
function) to monitor these three roles and their activities and generate 
audit reports regularly so as to show to external auditors for year end review.

How should I go about doing this?
Is there an automated tool (possibly open source) that can help me here?


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------