1. Using Oracle Data Safe
  2. Activity Auditing
  3. Audit Profiles

Audit Profiles

When you register a target database, Oracle Data Safe automatically creates an audit profile resource for your target database.

About Oracle Data Safe Audit Profiles

An audit profile defines the online retention period, offline retention period, and the paid usage settings for a target database. It can show you audit data volume to help you configure audit data collection in Oracle Data Safe. It's also responsible for automatically discovering audit trails in the target database during target registration. A target database has exactly one audit profile.

Audit Data Retention

Activity auditing collects audit records from audit trails for select target databases and copies the data into the Oracle Data Safe audit repository. The repository consists of online storage (available for immediate reporting and analysis) and offline storage (archive). The audit data retention feature helps you to manage the volume of audit data in the Oracle Data Safe database and in the archive.

There are two audit data retention settings that you need to configure for each target database: online retention period and offline retention period.
  • The online retention period specifies the number of months to store audit data in online storage. The minimum online retention period is one month and the maximum is twelve months.
  • The offline retention period specifies the number of months to store audit data in offline storage. By default, the offline retention period for a target database is set to zero months. The minimum offline retention period you can set is zero months and the maximum is 72 months (six years). Thus, you can archive audit data for a maximum of seven years in Oracle Data Safe from the time the audit record was generated on the target database (one year online and six years in the archive). If you have a requirement to store the audit data even longer in archive, please contact the Oracle Support.
Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online retention period plus the offline retention period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated from the present date to three months ago are stored online. Audit records generated on the target database from four to fifteen months ago are archived.

Caution:

All other audit records are purged.

Audit Data Retrieval

Retrieval of audit data returns the audit data from offline archive storage to online Data Safe repository in order to make it available for online reports.

At any time, you can retrieve up to twelve months of archived audit data for each of your target databases. There is no requirement for the twelve month period to be consecutive. Retrieving audit data from the archive usually takes at least one hour.

Suppose you retrieve four months of archived data for a target database. You can do a second retrieval of up to eight months of archived data. If you drop the four months of retrieved data prior to doing the second retrieval, then you can retrieve twelve months of archived data. If you need to retrieve more than twelve months of archived data for any target database, you can file a service request with Oracle Support. In the service request, specify the increase in months needed and how long (in months) you need the increase to be in effect. The increased limit applies to all target databases in your tenancy.

You can retrieve audit data from the archive up to six times per month per target database. If needed, you can request an increase by filing a service request with Oracle Support. In the service request, specify how many more retrievals per month you require. The increased limit applies to all target databases in your tenancy.

Global Settings

Each regional Oracle Data Safe service has global settings for online retention period, archive retention period, and paid usage. Global settings are applied to all target databases unless their audit profiles override them. By default, the online retention period is set to the maximum value of 12 months, the archive retention period is set to the minimum value of 0 months, and paid usage is enabled for all target databases.

If you want to modify the preferences for all targets, use Global Settings. If you want to modify preferences for a specific target database, use the audit profile settings for the target.

Paid Usage

Oracle Data Safe can collect an unlimited number of audit records per month per target database. The first one million audit records it collects per month per target database are free. Beyond that, you may incur charges. Please consult the Oracle Cloud price list.

You can enable or disable paid usage at a global or target database level. By default, paid usage is enabled at the global settings and all target databases inherit this global setting. This default setting allows Oracle Data Safe to continue collection beyond a million audit records per month per target database. You can override the global setting for a target database in its audit profile to disable paid usage.

If you want Oracle Data Safe to continue collecting audit data beyond the free monthly limit, you need to enable paid usage for the applicable target databases.

If you don't want Oracle Data Safe to continue collecting audit data beyond the free monthly limit, you need to disable paid usage for the applicable target databases. When the limit is reached, Oracle Data Safe stops collecting audit data from the target databases (by stopping the audit trails), and then resumes collection the following month.

Audit Data Volume

On an Audit Profile Details page, you can view monthly audit data volume, including the number of available audit records on your target database, the number of collected audit records in Oracle Data Safe that are available for online reporting, and the number of archived audit records in Oracle Data Safe. These numbers are intended to provide the information you need to configure audit data collection in Oracle Data Safe. Oracle Data Safe also uses them to calculate your monthly billing cycle. Audit records for actions performed by the Oracle Data Safe service account on a target database are excluded from the calculations.

The Audit Records (current calendar month) field on the Audit Profile Details tab shows number of audit records collected by Data Safe in the current calendar month. Audit records for the Data Safe service account on the target database are excluded and are not counted towards your monthly free limit. Monthly values are updated every 24 hours.

Under Compute Audit Volume on this page, you can compute available audit records on your target database for each audit trail that has not yet been collected by Oracle Data Safe. Here you can also compute the number of collected audit records in Oracle Data Safe that are available for online reporting, and the number of archived audit records in Oracle Data Safe. This helps provide the information you need to configure audit data collection in Oracle Data Safe.

Deregistered Target Databases

If you deregister a target database, the audit data collected for it in the Oracle Data Safe repository is retained according to how you set the online and offline retention periods before you deregistered the target database. Metadata for the deregistered target database is kept indefinitely.

Related Topics