Audit Management Purging

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...
1 of 19
https://oracle-base.com/articles/11g/auditing-enhancements-11gr2#purgi...
Home (/) Articles (/articles) 11g (/articles/11g) Here
Auditing Enhancements (DBMS_AUDIT_MGMT) in Oracle

Database 11g Release 2
Oracle 11g Release 1 turned on auditng by default for the first time. Oracle 11g Release 2 now
allows better management of the audit trail using the DBMS_AUDIT_MGMT package.
Moving the Database Audit Trail to a Different Tablespace
Controlling the Size and Age of the OS Audit Trail
Purging Audit Trail Records
Initializing the Management Infrastructure
Timestamp Management
Manual Purge
Automated Purging
This package has also been backported to previous versions down to 10g Release 2.
See Oracle Support Note 731908.1.
Related articles.
Fine Grained Auditing (9i) (/articles/9i/security-enhancements-9i#FineGrainedAuditing)
Auditing in Oracle 10g Release 2 (/articles/10g/auditing-10gr2)
Fine Grained Auditing Enhancements (10g) (/articles/10g/database-securityenhancements-10g#fga)
Uniform Audit Trail (10g) (/articles/10g/database-security-enhancements10g#uniform_audit_trail)
Audit Trail Contents (10g) (/articles/10g/database-security-enhancements10g#audit_trail_contents)
Auditing Enhancements (Unified Audit Trail) in Oracle Database 12c Release 1 (/articles
/12c/auditing-enhancements-12cr1)
Moving the Database Audit Trail to a Different Tablespace

The SET_AUDIT_TRAIL_LOCATION procedure allows you to alter the location of the standard
and/or fine-grained database audit trail. It does not currently allow the alteration of the OS audit
trail, although the documentation suggests this may happen in future. The procedure accepts
two parameters.
AUDIT_TRAIL_TYPE : They type of audit trail that is to be moved.
AUDIT_TRAIL_LOCATION_VALUE : The tablespace the audit trail tables should be moved to.
The AUDIT_TRAIL_TYPE parameter is specified using one of three constants.
2 of 19
DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD : Standard audit trail (AUD$).

DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD : Fine-grained audit trail (FGA_LOG$).
DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD : Both standard and fine-grained audit trails.
Let's see this in action. First check the current location of the audit trail tables.
CONN / AS SYSDBA
SELECT table_name, tablespace_name
FROM
dba_tables
WHERE table_name IN ('AUD$', 'FGA_LOG$')
ORDER BY table_name;
TABLE_NAME
-----------------------------AUD$
FGA_LOG$
TABLESPACE_NAME
-----------------------------SYSTEM
SYSTEM
SQL>
Next, create a new tablespace to hold the audit trail.

CREATE TABLESPACE audit_aux
DATAFILE '/u01/app/oracle/oradata/DB11G/audit_aux01.dbf'
SIZE 1M AUTOEXTEND ON NEXT 1M;
Then we move the standard audit trail to the new tablespace.
3 of 19
BEGIN
DBMS_AUDIT_MGMT.set_audit_trail_location(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
audit_trail_location_value => 'AUDIT_AUX');
END;
/
PL/SQL procedure successfully completed.
SQL>
-- Check locations.
FROM
dba_tables
TABLE_NAME
-----------------------------AUD$
FGA_LOG$
TABLESPACE_NAME
-----------------------------AUDIT_AUX
SYSTEM
SQL>
Next we move the fine-grained audit trail.
4 of 19
BEGIN
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD,
audit_trail_location_value => 'AUDIT_AUX');
END;
/
SQL>
-- Check locations.
FROM
dba_tables
TABLE_NAME
-----------------------------AUD$
FGA_LOG$
TABLESPACE_NAME
-----------------------------AUDIT_AUX
AUDIT_AUX
SQL>
Finally, we move them both back to their original location in a single step.
BEGIN
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD,
audit_trail_location_value => 'SYSTEM');
END;
/
SQL>
-- Check locations.
FROM
dba_tables
TABLE_NAME
-----------------------------AUD$
FGA_LOG$
TABLESPACE_NAME
-----------------------------SYSTEM
SYSTEM
SQL>
The AUDIT_AUX tablespace is no longer used so we can drop it.

DROP TABLESPACE audit_aux;
The time it takes to move the audit trail tables depends on the amount of data currently in the
audit trail tables, and the resources available on your system.
Controlling the Size and Age of the OS Audit Trail

The SET_AUDIT_TRAIL_PROPERTY procedure allows you to set the maximum size and/or age of
the OS audit trail files. The procedure can set parameters for several purposes, but I will restrict
the discussion to only those relevant to this section. A full list of the constants available can be
found here ( http://docs.oracle.com/cd/E11882_01/appdev.112/e40758
/d_audit_mgmt.htm#BABCEJJI).
The procedure accepts three parameters.
AUDIT_TRAIL_TYPE : The type of audit trail to be modified ( AUDIT_TRAIL_OS ,
AUDIT_TRAIL_XML or AUDIT_TRAIL_FILES ).
AUDIT_TRAIL_PROPERTY : The name of the property to be set ( OS_FILE_MAX_SIZE or
5 of 19
6 of 19
OS_FILE_MAX_AGE ).
AUDIT_TRAIL_PROPERTY_VALUE : The required value for the property.
To check the current settings query the DBA_AUDIT_MGMT_CONFIG_PARAMS view.

COLUMN parameter_name FORMAT A30
COLUMN parameter_value FORMAT A20
COLUMN audit_trail FORMAT A20
SELECT *
FROM
dba_audit_mgmt_config_params
WHERE parameter_name LIKE 'AUDIT FILE MAX%';
PARAMETER_NAME
-----------------------------AUDIT FILE MAX SIZE
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
PARAMETER_VALUE
-------------------10000
10000
5
5
AUDIT_TRAIL
-------------------OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
SQL>
These defaults mean that OS and XML audit trail files will grow to a maximum of 10,000Kb, at
which point a new file will be created. In addition, files older than 5 days will not be written to
any more, even if they are below the maximum file size. Instead, a new file will be created and
written to. Here are some examples of changing the settings.
-- Set the Maximum size of OS audit files to 15,000Kb.

BEGIN
DBMS_AUDIT_MGMT.set_audit_trail_property(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS,
audit_trail_property
=> DBMS_AUDIT_MGMT.OS_FILE_MAX_SIZE,
audit_trail_property_value => 15000);
END;
/
SELECT *
FROM
PARAMETER_NAME
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
PARAMETER_VALUE
-------------------15000
10000
5
5
AUDIT_TRAIL
-------------------OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
SQL>
-- Set the Maximum age of XML audit files to 10 days.

BEGIN
DBMS_AUDIT_MGMT.set_audit_trail_property(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML,
audit_trail_property
=> DBMS_AUDIT_MGMT.OS_FILE_MAX_AGE,
audit_trail_property_value => 10);
END;
/
SELECT *
FROM
PARAMETER_NAME
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
7 of 19
PARAMETER_VALUE
-------------------15000
10000
5
10
AUDIT_TRAIL
-------------------OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
8 of 19
SQL>
The CLEAR_AUDIT_TRAIL_PROPERTY procedure can be used to remove the size and age
restrictions, or reset them to the default values. Setting the USE_DEFAULT_VALUES parameter
value to FALSE removes the restrictions, while setting it to TRUE returns the restriction to the
default value.
-- Reset the max size default values for both OS and XML audit file.
BEGIN
DBMS_AUDIT_MGMT.clear_audit_trail_property(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES,
audit_trail_property => DBMS_AUDIT_MGMT.OS_FILE_MAX_SIZE,
use_default_values
=> TRUE );
END;
/
SELECT *
FROM
PARAMETER_NAME
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
PARAMETER_VALUE
-------------------10000
10000
5
10
AUDIT_TRAIL
-------------------OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
SQL>
-- Remove the max age restriction for both OS and XML audit file.
BEGIN
audit_trail_type
audit_trail_property => DBMS_AUDIT_MGMT.OS_FILE_MAX_AGE,
use_default_values
=> FALSE );
END;
/
SELECT *
FROM
PARAMETER_NAME
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
SQL>
9 of 19
PARAMETER_VALUE
-------------------10000
10000
NOT SET
NOT SET
AUDIT_TRAIL
-------------------OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
-- Reset the max age default values for both OS and XML audit file.
BEGIN
audit_trail_type
audit_trail_property => DBMS_AUDIT_MGMT.OS_FILE_MAX_AGE,
use_default_values
=> TRUE );
END;
/
SELECT *
FROM
PARAMETER_NAME
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
PARAMETER_VALUE
-------------------10000
10000
5
5
AUDIT_TRAIL
-------------------OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
SQL>
Purging Audit Trail Records

As with previous versions, you can manually delete records from the AUD$ and FGA_LOG$
tables and manually delete OS audit files from the file system, but DBMS_AUDIT_MGMT package
gives you some new and safer mechanisms for maintaining the audit trail.
If you are using Oracle Audit Vault, use that to manage your audit trail, not this
functionality.
Initializing the Management Infrastructure

Before you can purge the database audit trail you must perform a one-time initialization of the
audit management infrastructure. This is done using the INIT_CLEANUP procedure. The
procedure accepts two parameters.
AUDIT_TRAIL_TYPE : The audit trail to be initialized (Constants ( http://docs.oracle.com
/cd/E11882_01/appdev.112/e40758/d_audit_mgmt.htm#BABCEJJI)).
DEFAULT_CLEANUP_INTERVAL : The default interval in hours, after which the cleanup
procedure should be called again (1-999).
10 of 19
11 of 19
The documentation seems to be incorrect about 2 points.
1. It claims that initializing the database audit trails move the AUD$ and FGA_LOG$ tables
from the SYSTEM tablespace to the SYSAUX tablespace, unless they have already been
moved out of the SYSTEM tablespace. This doesn't seem to be the case as the example
below will show. Even though it doesn't happen automatically, it makes sense to move the
audit tables into the SYSAUX tablespace or their own dedicated tablespace. This is fixed
from 11.2.0.2 onward.
2. It claims it is not necessary to initialize the OS audit trails, yet in the example below you
can clearly see the default cleanup intervals being set by the initialization process.
The following code checks the current parameter settings, initializes the audit management
infrastructure for all audit trails with a default interval of 12 hours and rechecks the settings.
COLUMN parameter_name FORMAT A30

COLUMN parameter_value FORMAT A20
SELECT * FROM dba_audit_mgmt_config_params;
PARAMETER_NAME
-----------------------------DB AUDIT TABLESPACE
DB AUDIT TABLESPACE
AUDIT FILE MAX SIZE
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
DB AUDIT CLEAN BATCH SIZE
OS FILE CLEAN BATCH SIZE
PARAMETER_VALUE
-------------------SYSTEM
SYSTEM
10000
10000
5
5
10000
10000
1000
1000
AUDIT_TRAIL
-------------------STANDARD AUDIT TRAIL
FGA AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
STANDARD AUDIT TRAIL
FGA AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
SQL>
BEGIN
DBMS_AUDIT_MGMT.init_cleanup(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
default_cleanup_interval => 12 /* hours */);
END;
/
SQL>
SELECT * FROM dba_audit_mgmt_config_params;
PARAMETER_NAME
-----------------------------DB AUDIT TABLESPACE
DB AUDIT TABLESPACE
AUDIT FILE MAX SIZE
AUDIT FILE MAX SIZE
AUDIT FILE MAX AGE
AUDIT FILE MAX AGE
12 of 19
PARAMETER_VALUE
-------------------SYSTEM
SYSTEM
10000
10000
5
5
10000
AUDIT_TRAIL
FGA AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
XML AUDIT TRAIL
STANDARD AUDIT TRAIL
13 of 19

DEFAULT CLEAN UP INTERVAL
10000
1000
1000
12
FGA AUDIT TRAIL

OS AUDIT TRAIL
XML AUDIT TRAIL
OS AUDIT TRAIL
PARAMETER_NAME
-----------------------------DEFAULT CLEAN UP INTERVAL
PARAMETER_VALUE
-------------------12
12
12
AUDIT_TRAIL
FGA AUDIT TRAIL
XML AUDIT TRAIL
Notice that the 'DB AUDIT TABLESPACE' for the database audit trails are unchanged and the
'DEFAULT CLEAN UP INTERVAL' for all four audit trails has been set.
The current initialization status of a specific audit trail can be checked using the
IS_CLEANUP_INITIALIZED .
SET SERVEROUTPUT ON
BEGIN
IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
DBMS_OUTPUT.put_line('YES');
ELSE
DBMS_OUTPUT.put_line('NO');
END IF;
END;
/
YES
SQL>
To deconfigure the audit management infrastructure run the DEINIT_CLEANUP procedure.

BEGIN
DBMS_AUDIT_MGMT.deinit_cleanup(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL);
END;
/
Timestamp Management
The next thing to consider before purging the audit trail is how much data you wish to purge.
The DBMS_AUDIT_MGMT package allows us to purge all the records, or all the records older than a
14 of 19
specific timestamp. The timestamp in question is specified individually for each audit trail using
the SET_LAST_ARCHIVE_TIMESTAMP procedure, which accepts three parameters.
AUDIT_TRAIL_TYPE : The audit trail whose timestamp is to be set (Constants (
http://docs.oracle.com/cd/E11882_01/appdev.112/e40758
/d_audit_mgmt.htm#BABCEJJI)). Only individual audit trails are valid, not the constants
that specify multiples.
LAST_ARCHIVE_TIME : Records or files older than this time will be deleted.
RAC_INSTANCE_NUMBER : Optionally specify the RAC node for OS audit trails. If unset it
assumes the current instance.
The following code specifies a timestamp of 5 days ago for the standard database audit trail.
The setting is then checked by querying the DBA_AUDIT_MGMT_LAST_ARCH_TS view.
BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP-5);
END;
/
COLUMN last_archive_ts FORMAT A40
SELECT * FROM dba_audit_mgmt_last_arch_ts;
AUDIT_TRAIL
RAC_INSTANCE LAST_ARCHIVE_TS
-------------------- ------------ ---------------------------------------STANDARD AUDIT TRAIL
0 13-DEC-09 01.57.54.000000 PM +00:00
SQL>
The timestamps for each audit trail can be cleared to allow a complete purge using the
CLEAR_LAST_ARCHIVE_TIMESTAMP procedure.
BEGIN
DBMS_AUDIT_MGMT.clear_last_archive_timestamp(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD);
END;
/
Manual Purge
The CLEAN_AUDIT_TRAIL procedure is the basic mechanism for manually purging the audit trail.
It accepts two parameters.

AUDIT_TRAIL_TYPE : The audit trail to be purged (Constants ( http://docs.oracle.com
/cd/E11882_01/appdev.112/e40758/d_audit_mgmt.htm#BABCEJJI)).
USE_LAST_ARCH_TIMESTAMP : Set to FALSE to purge all records/files, or TRUE to only purge
records/files older than the timestamp specified for the audit trail.
The following code queries the last archive timestamp and total number of audit records,
deletes standard database audit records older than the last archive timestamp, then returns the
number of records again.
SELECT * FROM dba_audit_mgmt_last_arch_ts;
AUDIT_TRAIL
RAC_INSTANCE LAST_ARCHIVE_TS
-------------------- ------------ ---------------------------------------STANDARD AUDIT TRAIL
0 13-DEC-09 01.57.54.000000 PM +00:00
SQL>
SELECT COUNT(*) FROM aud$;
COUNT(*)
---------2438
SQL>
BEGIN
DBMS_AUDIT_MGMT.clean_audit_trail(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
use_last_arch_timestamp => TRUE);
END;
/
SELECT COUNT(*) FROM aud$;
COUNT(*)
---------76
SQL>
15 of 19
16 of 19
Automated Purging
The CREATE_PURGE_JOB procedure allows you to schedule a job to call the CLEAN_AUDIT_TRAIL
procedure. When creating a purge job you can specify 4 parameters.
AUDIT_TRAIL_TYPE : The audit trail to be purged by the scheduled job (Constants (
http://docs.oracle.com/cd/E11882_01/appdev.112/e40758
/d_audit_mgmt.htm#BABCEJJI)).
AUDIT_TRAIL_PURGE_INTERVAL : The interval in hours between purges.
AUDIT_TRAIL_PURGE_NAME : A name for the purge job.
USE_LAST_ARCH_TIMESTAMP : Set to FALSE to purge all records/files, or TRUE to only purge
records/files older than the timestamp specified for the audit trail.
The following code schedules a purge of all audit trails every 24 hours. The resulting job is
visible in the DBA_SCHEDULER_JOBS view.
BEGIN
DBMS_AUDIT_MGMT.create_purge_job(
audit_trail_type
=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
audit_trail_purge_interval => 24 /* hours */,
audit_trail_purge_name
=> 'PURGE_ALL_AUDIT_TRAILS',
use_last_arch_timestamp
=> TRUE);
END;
/
SQL>
SELECT job_action
FROM
dba_scheduler_jobs
WHERE job_name = 'PURGE_ALL_AUDIT_TRAILS';
JOB_ACTION
-------------------------------------------------------------------------------BEGIN DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(15, TRUE); END;
SQL>
The job can be disabled and enabled using the SET_PURGE_JOB_STATUS procedure.
17 of 19
BEGIN
DBMS_AUDIT_MGMT.set_purge_job_status(
audit_trail_status_value => DBMS_AUDIT_MGMT.PURGE_JOB_DISABLE);
DBMS_AUDIT_MGMT.set_purge_job_status(
audit_trail_status_value => DBMS_AUDIT_MGMT.PURGE_JOB_ENABLE);
END;
/
The interval of the purge job can be altered using the SET_PURGE_JOB_INTERVAL procedure.
BEGIN
DBMS_AUDIT_MGMT.SET_PURGE_JOB_INTERVAL(
audit_trail_interval_value => 48);
END;
/
Purge jobs are removed using the DROP_PURGE_JOB procedure.

BEGIN
DBMS_AUDIT_MGMT.drop_purge_job(
=> 'PURGE_ALL_AUDIT_TRAILS');
END;
/
There are two things to note about the automated functionality.

1. If purge jobs use the last archived timestamp and you do not manually move this
timestamp forward, the job will run and have nothing to purge. You should reset the
timestamp using DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP when you have made
an archive of the audit information, that way your audit information is secure and the job
can purge the excess data.
2. The purge job functionality is simply a wrapper over the DBMS_SCHEDULER package to
make automating purge jobs easier.
If you want the purge job to maintain an audit trail of a specific number of days, the easiest way
to accomplish this is to define a job to set the last archive time automatically. The following job
resets the last archive time on a daily basis, keeping the last archive time 90 days in the past.
18 of 19
BEGIN
DBMS_SCHEDULER.create_job (
job_name
=> 'audit_last_archive_time',
job_type
=> 'PLSQL_BLOCK',
job_action
=> 'BEGIN
DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(DBMS_AUDIT_MGMT.AUDIT
END;',
start_date
=> SYSTIMESTAMP,
repeat_interval => 'freq=daily; byhour=0; byminute=0; bysecond=0;',
end_date
=> NULL,
enabled
=> TRUE,
comments
=> 'Automatically set audit last archive time.');
END;
/
For more information see:

Fine Grained Auditing (9i) (/articles/9i/security-enhancements-9i#FineGrainedAuditing)
Auditing in Oracle 10g Release 2 (/articles/10g/auditing-10gr2)
Fine Grained Auditing Enhancements (10g) (/articles/10g/database-securityenhancements-10g#fga)
Uniform Audit Trail (10g) (/articles/10g/database-security-enhancements10g#uniform_audit_trail)
Audit Trail Contents (10g) (/articles/10g/database-security-enhancements10g#audit_trail_contents)
Auditing Enhancements (Unified Audit Trail) in Oracle Database 12c Release 1 (/articles
/12c/auditing-enhancements-12cr1)
DBMS_AUDIT_MGMT (http://docs.oracle.com/cd/E11882_01/appdev.112/e40758
/d_audit_mgmt.htm)
Verifying Security Access with Auditing (http://docs.oracle.com/cd/E11882_01/network.112
/e36292/auditing.htm)
Hope this helps. Regards Tim...
Back to the Top.
11 comments, read/add them... (/misc/comments?page_id=887)

Home (/) | Articles (/articles/articles) | Scripts (/dba/scripts) | Blog (/blog/) | Certification (/misc
/ocp-certification) | Misc (/misc/miscellaneous) | About (/misc/site-info)
About Tim Hall (/misc/site-info#biog)

Copyright & Disclaimer (/misc/site-info#copyright)
19 of 19

Audit Management Purging

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Audit Management Purging

Diunggah oleh

Hak Cipta:

Format Tersedia

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

Home (/) Articles (/articles) 11g (/articles/11g) Here

Auditing Enhancements (DBMS_AUDIT_MGMT) in Oracle

Moving the Database Audit Trail to a Different Tablespace

The AUDIT_TRAIL_TYPE parameter is specified using one of three constants.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD : Standard audit trail (AUD$).

Next, create a new tablespace to hold the audit trail.

Then we move the standard audit trail to the new tablespace.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

Next we move the fine-grained audit trail.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

The AUDIT_AUX tablespace is no longer used so we can drop it.

Controlling the Size and Age of the OS Audit Trail

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

To check the current settings query the DBA_AUDIT_MGMT_CONFIG_PARAMS view.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

-- Set the Maximum size of OS audit files to 15,000Kb.

-- Set the Maximum age of XML audit files to 10 days.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

Purging Audit Trail Records

Initializing the Management Infrastructure

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

The documentation seems to be incorrect about 2 points.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

COLUMN parameter_name FORMAT A30

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

DB AUDIT CLEAN BATCH SIZE

FGA AUDIT TRAIL

To deconfigure the audit management infrastructure run the DEINIT_CLEANUP procedure.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

It accepts two parameters.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

Purge jobs are removed using the DROP_PURGE_JOB procedure.

There are two things to note about the automated functionality.

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

For more information see:

11 comments, read/add them... (/misc/comments?page_id=887)

ORACLE-BASE - Auditing Enhancements (DBMS_AUDIT_MGMT) i...

About Tim Hall (/misc/site-info#biog)

Anda mungkin juga menyukai