Before you perform auditing for Oracle Access Management, ensure to set up the audit data store and set up publishing for audit reports.
The following overview provides a list of the tasks that must be performed before auditing:
Set up the audit data store.
Set up publishing for audit reports.
Edit the Audit Configuration in the Oracle Access Management Console, as described in:
See Validating Auditing and Reports for details on how to test and validate the audit configuration.
Here is an overview of the tasks required to create the audit database and extend the schema using the Repository Creation Utility (RCU).
This task is required before you can audit events for Oracle Access Management if you choose a database store for audit data.
Securing Applications with Oracle Platform Security Services for details on managing the audit store
Oracle Fusion Middleware Repository Creation Utility User's Guide
To create an audit database store:
See "Create the Audit Schema using RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
See "Set Up Audit Data Sources" in the Securing Applications with Oracle Platform Security Services:
Use the Java EE audit loader configuration for WebLogic Server.
Use the JNDI name of the data source jdbc/AuditDB that points to the database that was set up in step 2 above.
($DOMAIN_HOME/config/fmwconfig/jps-config.xml), enable database auditing by changing the value of the property
DB. For example:
<serviceInstance name="audit.db" provider="audit.provider"> <property name="audit.loader.repositoryType" value="DB"/> <property name="auditstore.type" value="db"/> <property name="audit.loader.jndi" value="jdbc/AuditDB"/> <property name="audit.maxDirSize" value="0"/> <property name="audit.filterPreset" value="None"/> <property name="audit.maxFileSize" value="104857600"/> <property name="audit.loader.interval" value="15"/> <propertySetRef ref="props.db.1"/> </serviceInstance>
You must prepare Oracle Business Intelligence Publisher Enterprise Edition (EE) for use with Oracle Access Management audit reports.
Here is an outline of the procedure to prepare Oracle Business Intelligence Publisher EE.
Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition
Oracle Fusion Middleware Developer's Guide for Oracle Business Intelligence Enterprise Edition
Securing Applications with Oracle Platform Security Services
To prepare Oracle Business Intelligence Publisher:
See the Oracle Business Intelligence Enterprise Edition Installation and Upgrade Guide.
See "Set Up Oracle Reports in Oracle Business Intelligence Publisher" in the Securing Applications with Oracle Platform Security Services:
oam_audit_reports_11_1_2_0_0.zip into your Reports folder.
This zip file is located in the $ORACLE_HOME/oam/server/reports/ directory.
AuditReportTemplates.jar into your Reports folder.
AuditReportTemplates.jar is located in the $MW_ORA_HOME/oracle_common/modules/oracle.iau_11.1.1/reports/ directory.
Set up the JNDI connection for the audit data source or the JDBC connection the audit database.
The datasource name must be "Audit".
Within Oracle Access Management, certain Audit Configuration settings are accessible as Common Settings under the System Configuration. These settings are not required when you audit to a database.
Figure 8-2 shows the Audit Configuration section of the Common Settings page.
Figure 8-2 Common Settings: Auditing Configuration
The Auditing section provides settings for the Log Directory, Filter Settings, and Audit Configuration Users.
The actual log directory cannot be configured using the Oracle Access Management Console. It is the default directory for the Common Audit Framework audit loader. Changing the directory impacts the audit loader and is not supported.
Table 8-13 describes the elements in the Audit Configuration page.
Table 8-13 Audit Configuration Elements
Maximum Directory Size
The maximum size, in MBs, of the directory that contains audit output files. For example, assuming that the maximum file size is 10, a value of 100 for this parameter implies that the directory allows a maximum of 10 files. Once the maximum directory size is reached, the audit logging stops.
For example, a value of 100 specifies a maximum of 10 files if the file size is 10 MB. If the size exceeds this, the creation of audit logs stops.
This is configured using the
Maximum File Size
The maximum size, in MBs, of an audit log file. Once the size of a file reaches the maxi mum size, a new log file is created. For example, specifying 10 directs file rotation when the file size reaches 10 MB.
This is configured using the
Check this box to enable event filtering.
Defines the amount and type of information that is logged when the filter is enabled. The default value is Low.
Events for each filter preset are fixed in the read-only component_events.xml file. Editing or customizing this file is not supported for Oracle Access Management. Only items that are configured for auditing at the specified filter preset can be audited.
Specifies the list of users whose actions are included only when the filter is enabled. All actions of the special users are audited regardless of the filter preset. Administrators can add, remove or edit special users from this table.
The Administrator controls the amount and type of information that is logged by choosing a filter preset from the Audit Configuration tab on the OAM Server Common Properties page.
Auditable events for each filter preset are fixed in the read-only
component_events.xml file. Editing or customizing this file is not supported.
The following procedure describes how to add, view, or edit OAM Server Common Audit Configuration settings. Individual audit policies cannot be configured using Fusion Middleware Control. Oracle Access Management does not use JPS infrastructure to configure the audit configuration. There are no WebLogic Scripting Tool (WLST) commands for auditing.
Maximum Log directory size
Maximum Log file size
Filter Preset (to define verbosity of audit data)
Users to include specific users from the audit by clicking the Add (+) button above the Users table and entering a value in the field.