System Administration Guide: Security Services

Handling the Audit Trail

File space for the audit trail is one of the biggest issues with auditing. Each host should have several audit directories that are configured for audit files. You should decide how to configure the audit directories as one of the first steps before you enable auditing on any hosts. The following table lists the issues that should be resolved when you plan for audit trail storage.

| Issues Related to Audit Trail Storage | What You Need to Plan For |
| --- | --- |
| 1. Determine how much auditing your site needs. | Balance your site's security needs against the availability of disk space for the audit trail. For guidance on how to reduce space requirements while still maintaining site security, as well as how to design audit storage, see Controlling Auditing Costs and Auditing Efficiently. |
| 2. Determine which systems are to be audited. Determine which systems are to store audit files. | Decide which hosts in your network need to be audited. Make sure to create at least one local audit directory for each host that is to be audited. Then, decide which hosts are to hold most of the audit trail. |
| 3. Determine the names and locations of the audit directories. | Create a list of all the audit directories that you plan to use. |
| 4. Plan which hosts are to use which audit directories. | Create a map that shows which host should use which audit directory. This step helps you to balance the auditing activity. |