Manage Audit Collection

You can manage audit collection from the Audit Trails and Settings pages.

Start and Stop Audit Collection on Target Databases

After you start an audit trail, you can stop and start audit data collection multiple times without any data loss. When the audit trail starts, it resumes the collection from the last point where it stopped collecting.

  1. Click the Targets tab.
  2. On the left, click Audit Trails.
  3. Select the check boxes for the audit trails that you want to modify, and click the Start or Stop button.
    The Collection State column displays the status of each audit trail.

Update Audit Policies

If you need to change the type of audit data that you are collecting for a target database, you can update your audit policy with the Activity Auditing wizard. While working in the wizard, be sure to retrieve the latest list of audit policies available on a target database before you update the audit policy.

  1. Retrieve the latest list of available audit policies on the target database:
    1. Click the Home tab.
    2. On the left, click Activity Auditing.
      The Select Targets for Auditing page is displayed.
    3. Select the check box for the target database on which you want to modify the audit and alert policies, and click Continue.
      The Retrieve Audit Policies page is displayed.
    4. Select the check box for the target database, and click Retrieve.
    5. Wait for the green check mark to be displayed in the Retrieval Status column.
    6. Click Continue.
  2. Provision the audit policy on the target database.
    1. Click the target database name.
      The Edit Policies dialog box is displayed.
    2. On the Audit Policies tab, modify the selection of audit categories and policies, and click Provision.
  3. (Optional) Modify the selected audit categories and policies from the Targets tab.

Enable Auto Purge for Audit Trails

When configuring audit trails, you can choose to enable or disable an automatic weekly purge of audit data collected from the target database. By default, auto purge is disabled when you start audit collection.

  1. Click the Targets tab.
  2. On the left, click Audit Trails.
  3. To enable or disable auto purge for an audit trail, in the Auto Purge Trail column, move the slider to the right for ON or to the left for OFF.

View an Audit Trail Log

You can view audit trail logs from the Audit Trails page.

  1. Click the Targets tab, and then click the Audit Trails tab.
    The Audit Trails page is displayed.
  2. In the Collection State column, click the value (for example, IDLE).
    The Trail Log dialog box is displayed.
  3. Review the logs, and then click X to close the dialog box.

Remove Audit Trails

Audit data collection is stopped when you remove an audit trail from Oracle Data Safe. The audit data already collected is retained per the audit data retention policy.

  1. Click the Targets tab.
  2. On the left, click Audit Trails.
  3. Select the check boxes for the audit trails that you want to remove. To select all of the audit trails, select the check box before the Target Name header.
  4. Click Delete.
    The Delete Audit Trail dialog box prompts you to confirm the removal of the audit trails.
  5. Click OK.

Configure Audit Data Retention

On the Settings page, you can modify the default audit data retention period and archival period for all target databases and specific target databases.

  1. In the upper-right corner, click Settings.
    The Settings page is displayed.
  2. Click Audit Data Retention Settings.
  3. Modify the default number of months for the online and archive period.
    This action applies default values to all target databases that do not explicitly override the default values.
  4. Modify the online and archive period for a particular target database.
    This action overrides the default values for the online and archive periods.
  5. Scroll down to the bottom of the page.
  6. Click Save.
    At the top of the page, a confirmation message is displayed. If you increase the online period, newly collected audit records and audit records currently online in Oracle Data Safe are kept online for the increased period. However, audit records that are already archived are not brought back from the archive. If you decrease the online period, some data for that target database may be archived, depending on the audit collection date. If you decrease the archive period, some data may be purged, depending on the audit collection date.
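
The effect of changing the periods can be previewed before you click Save. The following Python sketch is an added example, not Oracle Data Safe code; it models the rules above and lists which records change state. It assumes that the archive period begins when the online period ends and that both are counted in whole months from the collection month; the function names and sample dates are constructed for illustration.

```python
from datetime import date

def months_between(collected, today):
    """Whole months elapsed since the collection month (day of month ignored)."""
    return (today.year - collected.year) * 12 + (today.month - collected.month)

def state_after_save(collected, current_state, online_months, archive_months, today):
    """Return 'online', 'archived' or 'purged' for one record after a save.

    Assumptions (not stated on the page): the archive period starts when the
    online period ends, and both are counted in whole months from collection.
    """
    if current_state == "purged":
        return "purged"  # purged data cannot reappear under longer periods
    age = months_between(collected, today)
    if age >= online_months + archive_months:
        return "purged"
    if age >= online_months:
        return "archived"
    # Inside the online period: already-archived records are not brought back.
    return "archived" if current_state == "archived" else "online"

def plan_change(records, old, new, today):
    """List (collection date, state before, state after) for records that move
    when the (online, archive) month settings change from old to new."""
    changes = []
    for collected in records:
        before = state_after_save(collected, "online", *old, today)
        after = state_after_save(collected, before, *new, today)
        if before != after:
            changes.append((collected.isoformat(), before, after))
    return changes

# Constructed sample: one record per collection month, evaluated on a fixed date.
TODAY = date(2024, 6, 15)
RECORDS = [date(2024, 4, 1), date(2024, 2, 1), date(2023, 8, 1),
           date(2023, 4, 1), date(2022, 10, 1)]

if __name__ == "__main__":
    for label, old, new in [("shorter online period", (6, 12), (3, 12)),
                            ("shorter archive period", (6, 12), (6, 6)),
                            ("longer online period", (3, 12), (6, 12))]:
        print(label, plan_change(RECORDS, old, new, TODAY))
```

An empty result for the longer online period reflects the rule that archived records stay in the archive. Any record reported as moving to purged is one to review against your investigation and compliance needs before you reduce the archive period.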

Collect Audit Data Beyond the Free Limit

On the Settings page, you can set a global preference for specific or all target databases to continue or stop collecting audit data after the allowed free number of audit records is reached. You have to pay to collect audit data beyond the free limit. The default setting is to continue collecting for all target databases.

  1. Click the Settings tab.
    The Settings page is displayed.
  2. To set a global preference to collect (or not collect) audit data for all targets after the free limit is reached, select Yes or No at the top of the page.
  3. To collect audit data for particular target databases after the free limit is reached, select No at the top of the page, and then select the check boxes for the target databases.
  4. Click Save.

Retrieve Audit Data for a Target Database from the Archive

You can retrieve audit data for a target database from the archive if archiving is configured for your target database. Data that is retrieved from the archive can be retained for one month only.

  1. Click the Targets tab.
  2. Click Retrieved Archive Data.
    The Retrieved Archive Data page is displayed.
  3. Click Retrieve Data.
    The Retrieve Archive Data dialog box is displayed. Previously retrieved archive data is displayed in the table.
  4. For Target, select the target database for which you want to retrieve archive data.
  5. For Start year/month, select the starting point (year and month) from which you want to retrieve archive data.
  6. For End year/month, select the end point (year and month) for retrieving archive data.
    The number of records to be retrieved from the archive is displayed. This data is for information purposes only and does not affect your billing.
  7. Click Submit, and confirm that you wish to continue.
    Upon confirmation, a job is scheduled to fetch the records from the archive. You can check the status of the retrieval job from the Jobs page. On the Jobs page, look for jobs where the operation name is Retrieval. Retrieval may take approximately an hour to complete. When the retrieval job is completed, the Status column in the Retrieved Archive Data table is set to COMPLETED.

Return Audit Data to the Archive

Prior to the expiry of retrieved audit data, you can choose to drop the data from the online repository and return it to the archive. This operation results in the retrieved data being no longer available in the reports.

  1. Click the Targets tab.
  2. Click Retrieved Archive Data.
    The Retrieved Archive Data page is displayed.
  3. In the row that lists the target database for which you want to return audit data, click Return to archive.
    A job is scheduled and the Status column in the table reads RELEASING. When the job is completed, the row for the target database is removed from the table.