[EXTERNAL]-RE: [EXTERNAL]-RE: [EXTERNAL]-database audit trail and unified audit trail

From: Beckstrom, Jeffrey <jbeckstrom_at_gcrta.org>
Date: Fri, 28 Jan 2022 19:00:22 +0000
Message-ID: <DM6PR09MB4677D1EA8C16D42DAFCD338FDF229_at_DM6PR09MB4677.namprd09.prod.outlook.com>

System was linked with installation defaults. Apparently, in 19c, unified is on by default and overrides the database audit trail parameters since we are seeing the statement level auditing in the unified view and not the OS files.

From: Douglas Dunyan <dmdunyan_at_gmail.com> Sent: Friday, January 28, 2022 1:40 PM
To: Beckstrom, Jeffrey <jbeckstrom_at_gcrta.org> Cc: Amit Grover <amitgrover27_at_gmail.com>; oracle-l_at_freelists.org Subject: Re: [EXTERNAL]-RE: [EXTERNAL]-database audit trail and unified audit trail

Greets -
I think I read the default configuration is Mixed Mode unified auditing. For pure unified auditing, you have to relink oracle with uniaud_on. Have you relinked yet ? Maybe that's your issue.... FWIW unified audit trail is a view, and you can only remove records using the supplied packages. As far as unified audit goes, I am stumped, trying to figure out a system that has 130,000+ records in the view, but event_timestamp is null, so the package doesn't purge those rows...

On Fri, Jan 28, 2022 at 11:31 AM Beckstrom, Jeffrey <jbeckstrom_at_gcrta.org<mailto:jbeckstrom_at_gcrta.org>> wrote: We have a logon trigger that turns on statement auditing for selected sessions. Looks like those are now going to the unified audit table instead of the os dest specified by the init.ora parameter. Does that make sense since unified is on?

From: Amit Grover <amitgrover27_at_gmail.com<mailto:amitgrover27_at_gmail.com>> Sent: Friday, January 28, 2022 1:17 PM
To: Beckstrom, Jeffrey <jbeckstrom_at_gcrta.org<mailto:jbeckstrom_at_gcrta.org>> Subject: Re: [EXTERNAL]-database audit trail and unified audit trail

Remove the default Unified audit policies or set up a job to clear the unified audit trail, would be two options to go.

Also check the location of the unified audit, get it moved outside of Sysaux and maybe change the table partition from default(monthly) to daily, if you do want to use it, as a start.

Best Regards
Amit Grover
2065966629

On Fri, Jan 28, 2022 at 9:14 AM Beckstrom, Jeffrey <jbeckstrom_at_gcrta.org<mailto:jbeckstrom_at_gcrta.org>> wrote: Prior to upgrading to 19c, we were generating a database audit trail.

With 19c, seems like unified audit trail is turned on.

Do we have to purge BOTH the database audit trail and the unified audit trail. The database audit trail was going to OS files.

Jeffrey Beckstrom
Greater Cleveland Regional Transit Authority 1240 W. 6th Street
Cleveland, Ohio 44113

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Jan 28 2022 - 20:00:22 CET

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message