Oracle® Audit Vault Administrator's Guide Release 10.2.3.1 Part Number E13841-02 |
|
|
View PDF |
This chapter contains:
See Also:
Section 4.8 for the general steps you must take to purge audit trail data
Chapter 13, "DBMS_AUDIT_MGMT Data Dictionary Views," for DBMS_AUDIT_MGMT
-specific data dictionary views
The DBMS_AUDIT_MGMT
PL/SQL package provides a set of subprograms that you can use to manage the Oracle Database audit trail data. It enables you to:
Archive and purge (clean) the audit trail data for all of the supported audit trail formats.
Move the database audit trail tables out of the SYSTEM
tablespace to a different tablespace. This improves performance and enables you to dedicate an optimized tablespace for audit records.
For the operating system audit trail, set a maximum size and age of the file before a new operating system audit trial file is created.
For the database audit trail, set a record batch size in which records are deleted from audit trail tables.
Set an archive timestamp for archived audit records, and then delete audit trail records based on the last archive timestamp. The last archive timestamp indicates when the audit records were last archived.
Configure and schedule periodic purge jobs to delete audit records.
Diagnose errors by using trace files.
All DBMS_AUDIT_MGMT
subprograms require the user to have EXECUTE
privilege on the DBMS_AUDIT_MGMT
package. The SYSDBA
privilege has EXECUTE
privileges on the package by default.
Only audit administrators should have EXECUTE
privileges over the DBMS_AUDIT_MGMT
package.
The DBMS_AUDIT_MGMT
package defines several enumerated constants that should be used for specifying parameter values. Enumerated constants must be prefixed with the package name, for example, DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD
.
The DBMS_AUDIT_MGMT
package uses the constants shown in the following tables:
Table 14-1, "DBMS_AUDIT_MGMT Constants - Types of Audit Trails"
Table 14-2, "DBMS_AUDIT_MGMT Constants - Audit Trail Properties"
Table 14-4, "DBMS_AUDIT_MGMT Constants - Trace Level Values"
Table 14-1 lists the audit trail type constants. Audit trails are classified by where Oracle Database writes the audit records: to database tables, operating system files, or XML files.
Table 14-1 DBMS_AUDIT_MGMT Constants - Types of Audit Trails
Constant | Data Type | Value | Description |
---|---|---|---|
|
|
|
All audit trail types. This includes the standard database audit trail ( |
|
|
|
Standard database audit records in the |
|
|
|
Both standard audit ( |
|
|
|
Standard database fine-grained auditing (FGA) records in the |
|
|
|
Both operating system (OS) and XML audit trails |
|
|
4 |
Operating system audit trail. This refers to the audit records stored in operating system files. |
|
|
8 |
XML audit trail. This refers to the audit records stored in XML files. |
Table 14-2 lists the constants related to audit trail properties. Audit trail properties determine the audit configuration settings.
Table 14-2 DBMS_AUDIT_MGMT Constants - Audit Trail Properties
Constant | Type | Value | Description |
---|---|---|---|
|
|
|
Interval, in hours, after which the cleanup job is called to clear audit records in the specified audit trail |
|
|
|
Specifies the batch size to be used for deleting audit records in database audit tables. The audit records are deleted in batches of size equal to |
|
|
|
Specifies the maximum number of days for which an operating system (OS) or XML audit file can be kept open before a new audit file gets created |
|
|
|
Specifies the maximum size to which an operating system (OS) or XML audit file can grow before a new file is opened |
Table 14-3 lists the constants related to purge job status values. The audit trail purge job cleans up the audit trail.
Table 14-3 DBMS_AUDIT_MGMT Constants - Purge Job Status
Constant | Type | Value | Description |
---|---|---|---|
|
|
|
Disables a purge job |
|
|
|
Enables a purge job |
Table 14-4 lists the constants related to trace level values. The DBMS_AUDIT_MGMT
package enables you to trace operations for diagnostic purposes.
Table 14-5 lists the DBMS_AUDIT_MGMT
package subprograms.
Table 14-5 DBMS_AUDIT_MGMT Package Subprograms
Subprogram | Description |
---|---|
Deletes audit trail records that have been archived |
|
Clears the value for the audit trail property that you specify |
|
Clears the timestamp set by the |
|
Creates a purge job for periodically deleting the audit trail records |
|
Undoes the setup and initialization performed by the |
|
Drops the purge job that was created using the |
|
Returns the number of seconds allowed for a |
|
Sets up the audit management infrastructure and sets a default cleanup interval for the audit trail records |
|
Checks to see if the |
|
Moves the audit trail tables from their current tablespace to a user-specified tablespace |
|
Sets the audit trail properties for the audit trail type that you specify |
|
Sets the trace level for the |
|
Sets a timestamp indicating when the audit records were last archived |
|
Sets the interval at which the |
|
Enables or disables the purge job that you specify |
The CLEAN_AUDIT_TRAIL
procedure deletes audit trail records that have been archived.
Typically, you run the CLEAN_AUDIT_TRAIL
procedure is after you run the SET_LAST_ARCHIVE_TIMESTAMP
procedure, which sets the last archived timestamp for the audit records.
Syntax
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL( audit_trail_type IN PLS_INTEGER, use_last_arch_timestamp IN BOOLEAN DEFAULT TRUE) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the cleanup operation needs to be performed. Table 14-1 lists audit trail types. |
use_last_arch_timestamp |
Specify whether the last archived timestamp should be used to determine the records that should be deleted.
A value of A value of The default value is |
Usage Notes
None
Examples
The following example calls the CLEAN_AUDIT_TRAIL
procedure to clean up the operating system (OS) audit trail records that were created before the last archive timestamp.
BEGIN DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, use_last_arch_timestamp => TRUE); END; /
The CLEAR_AUDIT_TRAIL_PROPERTY
procedure clears the value for the audit trail property that is specified. Audit trail properties are set using the SET_AUDIT_TRAIL_PROPERTY
procedure.
The CLEAR_AUDIT_TRAIL_PROPERTY
procedure can optionally reset the property value to its default value through the use_default_values
parameter.
Syntax
DBMS_AUDIT_MGMT.CLEAR_AUDIT_TRAIL_PROPERTY( audit_trail_type IN PLS_INTEGER, audit_trail_property IN PLS_INTEGER, use_default_values IN BOOLEAN DEFAULT FALSE) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the property needs to be cleared. Table 14-1 lists the audit trail types. |
audit_trail_property |
Enter the audit trail property whose value needs to be cleared. You cannot clear the value for the CLEANUP_INTERVAL property.
Table 14-2 lists the audit trail properties. |
use_default_values |
Specify whether the default value of the audit_trail_property should be used in place of the cleared value. A value of TRUE causes the default value of the parameter to be used. A value of FALSE causes the audit_trail_property to have no value.
The default value for this parameter is |
Usage Notes
You can use this procedure to clear the value for an audit trail property that you do not wish to use. For example, if you do not want a restriction on the operating system audit file size, then you can use this procedure to reset the OS_FILE_MAX_SIZE
property.
You can also use this procedure to reset an audit trail property to its default value. You need to set use_default_values
to TRUE
when invoking the procedure.
The DB_DELETE_BATCH_SIZE
property needs to be individually cleared for the AUDIT_TRAIL_AUD_STD
and AUDIT_TRAIL_FGA_STD
audit trail types. You cannot clear this property collectively using the AUDIT_TRAIL_DB_STD
and AUDIT_TRAIL_ALL
audit trail types.
You cannot clear the value for the CLEANUP_INTERVAL
property.
Examples
The following example calls the CLEAR_AUDIT_TRAIL_PROPERTY
procedure to clear the value for the audit trail property OS_FILE_MAX_SIZE
because the procedure uses a value of FALSE
for the USE_DEFAULT_VALUES
parameter. This means that the OS_FILE_MAX_SIZE
property will no longer determine the size of the operating system (OS) audit files.
BEGIN DBMS_AUDIT_MGMT.CLEAR_AUDIT_TRAIL_PROPERTY( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, AUDIT_TRAIL_PROPERTY => DBMS_AUDIT_MGMT.OS_FILE_MAX_SIZE, USE_DEFAULT_VALUES => FALSE ); END; /
The CLEAR_LAST_ARCHIVE_TIMESTAMP
procedure clears the timestamp set by the SET_LAST_ARCHIVE_TIMESTAMP
procedure.
Syntax
DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP( audit_trail_type IN PLS_INTEGER, rac_instance_number IN PLS_INTEGER DEFAULT 0) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the timestamp needs to be cleared. Table 14-1 lists the audit trail types. |
rac_instance_number |
Enter the instance number for the Oracle Real Application Clusters (Oracle RAC) instance. The default value is 0, which is used for the database audit trail type.
The |
Usage Notes
None
Example
The following example calls the CLEAR_LAST_ARCHIVE_TIMESTAMP
procedure to clear the timestamp value for the operating system (OS) audit trail type.
BEGIN DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, rac_instance_number => 1 /* single instance database */); END; /
The CREATE_PURGE_JOB
procedure creates a purge job for periodically deleting the audit trail records. The procedure can use the timestamp value set by the SET_LAST_ARCHIVE_TIMESTAMP
procedure to determine the records to be deleted.
This procedure performs the cleanup operation on an intervals that you specify. It calls the CLEAN_AUDIT_TRAIL
procedure to perform the cleanup operation.
The SET_PURGE_JOB_INTERVAL
procedure is used to modify the frequency of the purge job.
The SET_PURGE_JOB_STATUS
procedure is used to enable or disable the purge job.
The DROP_PURGE_JOB
procedure is used to drop a purge job created with the CREATE_PURGE_JOB
procedure.
Syntax
DBMS_AUDIT_MGMT.CREATE_PURGE_JOB( audit_trail_type IN PLS_INTEGER, audit_trail_purge_interval IN PLS_INTEGER, audit_trail_purge_name IN VARCHAR2, use_last_arch_timestamp IN BOOLEAN DEFAULT TRUE) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the purge job needs to be created. Table 14-1 lists the audit trail types. |
audit_trail_purge_interval |
Enter the interval, in hours, at which the clean up procedure is called. A lower value means that the cleanup is performed more often. |
audit_trail_purge_name |
A name to identify the purge job |
use_last_arch_timestamp |
Specify whether the last archived timestamp should be used to determine the records that should be deleted.
A value of A value of The default value is |
Usage Notes
Use this procedure to schedule the CLEAN_AUDIT_TRAIL
procedure for your audit records.
Examples
The following example calls the CREATE_PURGE_JOB
procedure to create a cleanup job called CLEANUP
for all audit trail types. It sets the audit_trail_purge_interval
parameter to 100 to invoke that the cleanup job every 100 hours. It also sets the use_last_arch_timestamp
parameter value to TRUE
, so that all audit records older than the last archive timestamp are deleted.
BEGIN DBMS_AUDIT_MGMT.CREATE_PURGE_JOB( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL, audit_trail_purge_interval => 100 /* hours */, audit_trail_purge_name => 'CLEANUP', use_last_arch_timestamp => TRUE); END; /
The DEINIT_CLEANUP
procedure undoes the setup and initialization performed by the INIT_CLEANUP
procedure. The DEINIT_CLEANUP
procedure clears the value of the default_cleanup_interval
parameter. However, it does not move the audit trail tables back to their original location.
Syntax
DBMS_AUDIT_MGMT.DEINIT_CLEANUP( audit_trail_type IN PLS_INTEGER) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the procedure needs to be called.
Table 14-1 lists the audit trail types. |
Usage Notes
You can change the default_cleanup_interval
later using the SET_AUDIT_TRAIL_PROPERTY
procedure.
Examples
The following example clears the default_cleanup_interval
parameter setting for the standard database audit trail:
BEGIN DBMS_AUDIT_MGMT.DEINIT_CLEANUP( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD); END; /
The DROP_PURGE_JOB
procedure drops the purge job that was created using the CREATE_PURGE_JOB
procedure. The name of the purge job is passed as an argument.
Syntax
DBMS_AUDIT_MGMT.DROP_PURGE_JOB( audit_trail_purge_name IN VARCHAR2) ;
Parameter
Parameter | Description |
---|---|
audit_trail_purge_name |
Enter the name of the purge job to be deleted. This is the purge job name that you specified with the CREATE_PURGE_JOB procedure. |
Usage Notes
None
Examples
The following example calls the DROP_PURGE_JOB
procedure to drop the purge job called CLEANUP
.
BEGIN DBMS_AUDIT_MGMT.DROP_PURGE_JOB( AUDIT_TRAIL_PURGE_NAME => 'CLEANUP'); END; /
The GET_AUDIT_COMMIT_DELAY
function returns the number of seconds allowed for a COMMIT
operation to take place when an audit record is written to the database. The default time is 5 seconds. If the COMMIT
operation exceeds this time, then Oracle Database writes each audit record to an operating system file, even if the AUDIT_TRAIL
initialization parameter is set to DB
or DB, EXTENDED
.
Syntax
DBMS_AUDIT_MGMT.GET_AUDIT_COMMIT_DELAY RETURN NUMBER;
Parameters
None
Usage Notes
None
Examples
None
The INIT_CLEANUP
procedure sets up the audit management infrastructure and sets a default cleanup interval for the audit trail records. The procedure also moves the audit trail tables out of the SYSTEM
tablespace.
Moving the audit trail tables out of the SYSTEM
tablespace enhances overall database performance. The INIT_CLEANUP
procedure moves the audit trail tables to the SYSAUX
tablespace. If the SET_AUDIT_TRAIL_LOCATION
procedure has already moved the audit tables elsewhere, then they are not moved back to the SYSAUX
tablespace.
The SET_AUDIT_TRAIL_LOCATION
procedure enables you to specify an alternate target tablespace for the database audit tables.
The INIT_CLEANUP
procedure is currently not relevant for the AUDIT_TRAIL_OS
, AUDIT_TRAIL_XML
, and AUDIT_TRAIL_FILES
audit trail types. No preliminary set up is required for these audit trail types.
This procedure also sets a default cleanup interval for the audit trail records.
Syntax
DBMS_AUDIT_MGMT.INIT_CLEANUP( audit_trail_type IN PLS_INTEGER, default_cleanup_interval IN PLS_INTEGER);
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the clean up operation needs to be initialized.
Table 14-1 lists audit trail types. |
default_cleanup_interval |
Enter the default time interval, in hours, after which the cleanup procedure should be called. The minimum value is 1 and the maximum is 999. |
Usage Notes
This procedure may involve data movement across tablespaces. This can be a resource-intensive operation, especially if your database audit trail tables are already populated. Oracle recommends that you invoke the procedure during nonpeak hours.
You should ensure that the SYSAUX
tablespace, into which the audit trail tables are being moved, has sufficient space to accommodate the audit trail tables. You should also optimize the SYSAUX
tablespace for frequent write operations.
You can change the default_cleanup_interval
later using the SET_AUDIT_TRAIL_PROPERTY
procedure.
Examples
The following example calls the INIT_CLEANUP
procedure to set a default_cleanup_interval
of 12 hours for all audit trail types:
BEGIN DBMS_AUDIT_MGMT.INIT_CLEANUP( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL, default_cleanup_interval => 12 /* hours */); END; /
The IS_CLEANUP_INITIALIZED
function checks if the INIT_CLEANUP
procedure has been run for an audit trail type. The IS_CLEANUP_INITIALIZED
function returns TRUE
if the procedure has already been run for the audit trail type. It returns FALSE
if the procedure has not been run for the audit trail type.
This function does not apply to the AUDIT_TRAIL_OS
, AUDIT_TRAIL_XML
, and AUDIT_TRAIL_FILES
audit trail types. The function always returns TRUE
for these audit trail types. No preliminary set up is required for these audit trail types.
Syntax
DBMS_AUDIT_MGMT.IS_CLEANUP_INITIALIZED( audit_trail_type IN PLS_INTEGER) RETURN BOOLEAN;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the function needs to be called.
Table 14-1 lists the audit trail types. |
Usage Notes
None
Examples
The following example checks if the standard database audit trail type has been initialized for a cleanup operation. If the audit trail type has not been initialized, then the example calls the INIT_CLEANUP
procedure to initialize the audit trail type.
BEGIN IF NOT DBMS_AUDIT_MGMT.IS_CLEANUP_INITIALIZED(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN DBMS_AUDIT_MGMT.INIT_CLEANUP( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, default_cleanup_interval => 12 /* hours */); END IF; END; /
The SET_AUDIT_TRAIL_LOCATION
procedure moves the audit trail tables from their current tablespace to a user-specified tablespace.
The SET_AUDIT_TRAIL_LOCATION
procedure does not apply to the AUDIT_TRAIL_OS
, AUDIT_TRAIL_XML
, and AUDIT_TRAIL_FILES
audit trail types. The AUDIT_FILE_DEST
initialization parameter can be used to specify the destination directory for these audit trail types.
Syntax
DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION( audit_trail_type IN PLS_INTEGER, audit_trail_location_value IN VARCHAR2) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the audit trail location needs to be set.
Table 14-1 lists audit trail types. |
audit_trail_location_value |
Enter the target location or tablespace for the audit trail records |
Usage Notes
This procedure involves data movement across tablespaces. This can be a resource-intensive operation, especially if your database audit trail tables are already populated. Oracle recommends that you run the procedure during nonpeak hours.
You should ensure that the target tablespace, into which the audit trail tables are being moved, has sufficient space to accommodate the audit trail tables. You should also optimize the target tablespace for frequent write operations. For more information, see Oracle Database Performance Tuning Guide and Oracle Database Administrator's Guide.
Examples
The following example moves the database audit trail tables, AUD$
and FGA_LOG$
, from the current tablespace to a user-created tablespace called RECORDS
:
BEGIN DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD, audit_trail_location_value => 'RECORDS'); END; /
The SET_AUDIT_TRAIL_PROPERTY
procedure sets the audit trail properties for the audit trail type that you specify.
The procedure sets properties such as OS_FILE_MAX_SIZE
and OS_FILE_MAX_AGE
for operating system (OS) and XML audit trail types. These properties determine the maximum size and age of an audit trail file before a new audit trail file is created.
The procedure sets properties such as DB_DELETE_BATCH_SIZE
and CLEANUP_INTERVAL
for the database audit trail type. DB_DELETE_BATCH_SIZE
specifies the batch size in which records are deleted from audit trail tables. This ensures that if a cleanup operation is interrupted midway, the process does not need to start afresh the next time it is invoked. This is because all batches before the last processed batch are already deleted.
The CLEANUP_INTERVAL
property value specifies the frequency, in hours, with which the cleanup procedure is called.
Syntax
DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY( audit_trail_type IN PLS_INTEGER, audit_trail_property IN PLS_INTEGER, audit_trail_property_value IN PLS_INTEGER) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the property needs to be set. Table 14-1 lists audit trail types. |
audit_trail_property |
Enter the audit trail property that is being set. Table 14-2 lists audit trail properties. |
audit_trail_property_value |
Enter the value of the property specified using audit_trail_property . The following are valid values for audit trail properties:
|
Usage Notes
The audit trail properties for which you do not explicitly set values use their default values.
If you have set both the OS_FILE_MAX_SIZE
and OS_FILE_MAX_AGE
properties for an operating system (OS) or XML audit trail type, then a new audit trail file is created, depending on which of these two limits is reached first.
For example, suppose OS_FILE_MAX_SIZE
is 10000 and OS_FILE_MAX_AGE
is 5. If the operating system audit file is already more than 5 days old and has a size of 9000 KB, then a new audit file is opened, because one of the limits has been reached.
You must individually set the DB_DELETE_BATCH_SIZE
property for the AUDIT_TRAIL_AUD_STD
and AUDIT_TRAIL_FGA_STD
audit trail types. You cannot set this property collectively using the AUDIT_TRAIL_DB_STD
and AUDIT_TRAIL_ALL
audit trail types.
Examples
The following example calls the SET_AUDIT_TRAIL_PROPERTY
procedure to set the OS_FILE_MAX_SIZE
property for the operating system (OS) audit trail. It sets this property value to 102400, so that a new audit file is created every time the current audit file size reaches 100 MB.
BEGIN DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, audit_trail_property => DBMS_AUDIT_MGMT.OS_FILE_MAX_SIZE, audit_trail_property_value => 102400 /* 100MB*/ ); END; /
The following example calls the SET_AUDIT_TRAIL_PROPERTY
procedure to set the OS_FILE_MAX_AGE
property for the operating system (OS) audit trail. It sets this property value to 5, so that a new audit file is created every sixth day.
BEGIN DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, audit_trail_property => DBMS_AUDIT_MGMT.OS_FILE_MAX_AGE, audit_trail_property_value => 5 /* days */); END; /
The following example calls the SET_AUDIT_TRAIL_PROPERTY
procedure to set the DB_DELETE_BATCH_SIZE
property for the AUDIT_TRAIL_AUD_STD
audit trail. It sets this property value to 100000. Thus, during a cleanup operation, audit records are deleted from the SYS.AUD$
table in batches of 100000 records.
BEGIN DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, audit_trail_property => DBMS_AUDIT_MGMT.DB_DELETE_BATCH_SIZE, audit_trail_property_value => 100000 /* delete batch size */); END; /
The SET_DEBUG_LEVEL
procedure sets the trace level for the DBMS_AUDIT_MGMT
package. The default trace level, TRACE_LEVEL_ERROR
, logs only the error messages as trace messages. The debug trace level, TRACE_LEVEL_DEBUG
, logs detailed debug messages.
Syntax
DBMS_AUDIT_MGMT.SET_DEBUG_LEVEL( debug_level IN PLS_INTEGER DEFAULT TRACE_LEVEL_ERROR);
Parameters
Parameter | Description |
---|---|
debug_level |
Enter the trace level.
|
Usage Notes
None
Examples
The following example calls the SET_DEBUG_LEVEL
procedure to enable enhanced debugging.
BEGIN DBMS_AUDIT_MGMT.SET_DEBUG_LEVEL( debug_level => DBMS_AUDIT_MGMT.TRACE_LEVEL_DEBUG); END; /
The SET_LAST_ARCHIVE_TIMESTAMP
procedure sets a timestamp indicating when the audit records were last archived. The audit administrator provides the timestamp to be attached to the audit records. The CLEAN_AUDIT_TRAIL
procedure uses this timestamp to determine the audit records to be deleted.
Syntax
DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP( audit_trail_type IN PLS_INTEGER, last_archive_time IN TIMESTAMP, rac_instance_number IN PLS_INTEGER DEFAULT 0) ;
Parameters
Parameter | Description |
---|---|
audit_trail_type |
Enter the audit trail type for which the timestamp needs to be set. Table 14-1 lists audit trail types. |
last_archive_time |
Enter the TIMESTAMP value to be attached to the audit records. This indicates the last time when the audit records were archived. |
rac_instance_number |
Enter the instance number for the Oracle Real Application Clusters (Oracle RAC) instance. The default value is 0, which is used for the database audit trail type.
The |
Usage Notes
You must set the last_archive_time
parameter using Coordinated Universal Time (UTC) for the AUDIT_TRAIL_AUD_STD
and AUDIT_TRAIL_FGA_STD
audit trail types. This is because the database audit trails store the timestamps in UTC. UTC is also known as Greenwich Mean Time (GMT).
You must set the last_archive_time
parameter using the local time zone time for the AUDIT_TRAIL_OS
and AUDIT_TRAIL_XML
audit trail types. This is because the operating system audit records are stored as files that use the local time zone for their last modification timestamps.
If you are using and Oracle RAC database, Oracle recommends that you use the Network Time Protocol (NTP) to synchronize individual Oracle RAC nodes.
Examples
The following example uses the SET_LAST_ARCHIVE_TIMESTAMP
procedure to set the last archive timestamp for the operating system (OS) audit trail type. It uses the TO_TIMESTAMP
function to convert a character string into a timestamp value.
BEGIN DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS, last_archive_time => TO_TIMESTAMP('10-SEP-0714:10:10.0','DD-MON-RRHH24:MI:SS.FF'), rac_instance_number => 1 /* single instance database */); END; /
The SET_PURGE_JOB_INTERVAL
procedure sets the interval at which the CLEAN_AUDIT_TRAIL
procedure is called for the purge job specified. The purge job must have already been created using the CREATE_PURGE_JOB
procedure.
Syntax
DBMS_AUDIT_MGMT.SET_PURGE_JOB_INTERVAL( audit_trail_purge_name IN VARCHAR2, audit_trail_interval_value IN PLS_INTEGER) ;
Parameters
Parameter | Description |
---|---|
audit_trail_purge_name |
Enter the name of the purge job for which the interval is being set. This is the purge job name that you specified with the CREATE_PURGE_JOB procedure. |
audit_trail_interval_value |
Enter the interval, in hours, at which the cleanup procedure should be called. This value modifies the audit_trail_purge_interval parameter set using the CREATE_PURGE_JOB procedure. |
Usage Notes
Use this procedure to modify the audit_trail_purge_interval
parameter set using the CREATE_PURGE_JOB
procedure.
Examples
The following example calls the SET_PURGE_JOB_INTERVAL
procedure to change the frequency at which the purge job called CLEANUP
is invoked. The new interval is set to 24 hours.
BEGIN DBMS_AUDIT_MGMT.SET_PURGE_JOB_INTERVAL( AUDIT_TRAIL_PURGE_NAME => 'CLEANUP', AUDIT_TRAIL_INTERVAL_VALUE => 24 ); END; /
The SET_PURGE_JOB_STATUS
procedure enables or disables the specified purge job. The purge job must have already been created using the CREATE_PURGE_JOB
procedure.
Syntax
DBMS_AUDIT_MGMT.SET_PURGE_JOB_STATUS( audit_trail_purge_name IN VARCHAR2, audit_trail_status_value IN PLS_INTEGER) ;
Parameters
Parameter | Description |
---|---|
audit_trail_purge_name |
Enter the name of the purge job for which the status is being set. This is the purge job name that you specified with the CREATE_PURGE_JOB procedure. |
audit_trail_status_value |
Enter one of the values specified in Table 14-3.
The value The value |
Usage Notes
None
Examples
The following example calls the SET_PURGE_JOB_STATUS
procedure to enable the CLEANUP
purge job.
BEGIN DBMS_AUDIT_MGMT.SET_PURGE_JOB_STATUS( audit_trail_purge_name => 'CLEANUP', audit_trail_status_value => DBMS_AUDIT_MGMT.PURGE_JOB_ENABLE); END; /