Audit Data Lifecycle Management
The audit data retention, archival, and retrieval features help you to manage the quantity of audit data that you store with the Activity Auditing feature.
This article has the following topics:
Parent topic: Activity Auditing
Audit Data Retention
Activity auditing collects audit records from audit trails for select target databases and copies the data into the Oracle Data Safe audit repository. The repository consists of online storage (available for immediate reporting and analysis) and offline storage (archive). The audit data retention feature helps you to manage the volume of audit data in the Oracle Data Safe database and in the archive.
You can store up to twelve months of audit data online by specifying the online period on the Audit Data Retention Settings page. The minimum online retention period is one month.
Up to one million audit records per month per target database are included in Oracle Data Safe at no additional cost. If you exceed this limit, you may be charged for audit records over the limit. It depends on your settings in the Oracle Data SafeConsole. The default is to continue collection beyond a million audit records. If you do not want to pay after it reaches the one million audit records per target per month limit, please configure the service to stop collecting. Tenancy administrators, Oracle Data Safe administrators, and delegated administrators can configure audit collection for target databases to which they have access. For more information on pricing, consult the Oracle Cloud price list.
Audit Data Archival
If you want to retain audit data for more than the online retention period, you can enable archiving by setting the archive period on the Audit Data Retention Settings page. By default, the archive period is zero months. The minimum archive period you can set is zero months and the maximum is 72 months (six years). Thus, you can store audit data for a maximum of seven years in Oracle Data Safe from the time the audit record was generated on the target database (one year online and six years in the archive).
Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online.
When your audit data is archived, you cannot view it in reports. To be able to view it in reports, you need to retrieve the data from the archive.
Audit Data Retrieval
At any time, you can retrieve up to twelve months of archived audit data for each of your target databases. There is no requirement for the twelve month period to be consecutive. Retrieving audit data from the archive usually takes at least one hour. You can configure audit data retrieval from the Retrieved Archive Data page.
Suppose you retrieve four months of archived data for a target database. You can do a second retrieval of up to eight months of archived data. If you drop the four months of retrieved data prior to doing the second retrieval, then you can retrieve twelve months of archived data. If you need to retrieve more than twelve months of archived data for any target database, you can file a service request with Oracle Support. In the service request, specify the increase in months needed and how long (in months) you need the increase to be in effect. The increased limit applies to all target databases in your tenancy.
You can retrieve audit data from the archive up to six times per month per target database. If needed, you can request an increase by filing a service request with Oracle Support. In the service request, specify how many more retrievals per month you require. The increased limit applies to all target databases in your tenancy.
Deregistered Target Databases
If you deregister a target database, the audit data collected for it in the Oracle Data Safe repository is retained according to how you set the online period and archive period before you deregistered the target database. Metadata for the deregistered target database is kept indefinitely.