Retrieve and Provision Audit Policies

You can retrieve and provision audit policies for one or more databases at a time by using the Activity Auditing wizard.

Note:

Provisioning and retrieval of audit policies is not supported in Oracle Database 12.1 and below.

  1. Click the Home tab, and then click Activity Auditing.
  2. (Optional) If you haven't granted the Activity Auditing roles on your target database, do the following:
    1. If your target database is a database other than an Autonomous Database, click Download Privilege Script, download the datasafe_privileges.sql script to your local computer, and then run the script on your target database.
    2. If your target database is an Autonomous Database, run the DS_TARGET_UTIL PL/SQL package on your Autonomous Database.
  3. Select the check box for the target database that you want to audit.
    Only target databases to which you have access are listed.
    You can select multiple target databases.
  4. If your target database is not listed, click Register and register your database.
  5. Click Continue.
    The Retrieve Audit Policies page is displayed.
  6. Select the check box for your target database, and then click Retrieve.
  7. Wait until the Retrieval Status column displays a check mark.
    A check mark indicates that the audit policies are successfully retrieved from your target database.
    You need to successfully retrieve audit policies for your target database at least once before you can provision audit policies on your target database.
  8. Click Continue.
    The Review and Provision Audit and Alert Policies page is displayed.
  9. Review the current audit configuration for the target database.
  10. To modify the audit policy configuration, do the following:
    1. Click your target database's name.
      The Audit Policies tab in the Edit Policies dialog box is displayed.
    2. (Optional) Select or deselect one or more categories provided by Oracle Data Safe.
    3. (Optional) Select or deselect one or more compliance policies.
    4. (Optional) Select or deselect one or more custom or Oracle predefined audit policies.
  11. To modify the alert policy configuration, do the following:
    1. Click the Alert Policies tab.
    2. Select or deselect one or more alert policies.
  12. Click Provision.
    You are returned to the Review and Provision Audit and Alert Policies page.
  13. Review the audit and alert policy configuration, and then click Continue.

    The Start Audit Collection page is displayed. Oracle Data Safe automatically selects an audit trail for each of your registered target databases based on their type. For example, Oracle Data Safe selects UNIFIED_AUDIT_TRAIL for Autonomous Databases.

  14. If you want to use the default selected audit trail, complete the following:
    1. In the Collect Audit Data From column, click the calendar widget, configure a start date, and then click Done.

      Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online.

      Values for To Be Collected, Collected, and Total columns are calculated when you select the Collect Audit Data From date.

    2. Wait for the To Be Collected, Collected, and Total columns to populate.

      The To Be Collected column shows you the number of records to be retrieved for the selected audit trail since the specified start date.

      The Collected column shows the number of audit records already collected for the current month for the target database (includes audit data collected from all the audit trails for the target database). This value helps you to determine whether you are going to exceed your monthly free quota of one million records. Review this information before you start the audit trail and, to avoid incurring any charge, change the Collect Audit Data From date to reduce the number of audit records collected. If you have not elected Paid Usage for this target database, then you will need to change the Collect Audit Data From date to stay within the one million limit for the month.

      The Total column totals the To Be Collected and Collected values for a target database. This value tells you the overall number of audit records you are going to collect for a target database for the current month.

    3. (Optional) Click the refresh button for a particular row in the Collected column to update the value.
    4. To enable or disable auto purge for your target database, move the slider in the Auto Purge Trail column to the right (ON) or left (OFF).
    5. To start audit collection, click Start.

      The Start Audit Collection dialog box is displayed. It lists the target databases for which you are going to collect audit records and asks you to confirm.

    6. To confirm, click Start.
  15. If you want to add additional audit trails for a target database, do the following:
    1. Click Add.

      The Register Audit Trail dialog box is displayed. Trail Type is set to TABLE.

    2. Select a target database.
      The number of audit records available for the current month in the default selected audit trail is automatically calculated and displayed next to Records Already Collected.
    3. Select one or more audit trails.
      The Records Already Collected value is recalculated and includes records for all selected audit trails.
    4. To enable or disable auto purge for the selected target database, move the Auto Purge Trail slider to the right (ON) or left (OFF).

      Audit records are continuously collected from the target database and stored in Oracle Data Safe based on the total audit data retention period (in months), which is equal to the online period plus the archive period. For example, if you configure the online period to be three months and the archive period to be twelve months, the total audit data retention period is fifteen months. Audit records generated on the target database from four to fifteen months ago are archived. Audit records generated from the present date to three months ago are stored online.

      When you enable auto-purge, all audit records in the target database are deleted after the collection is completed, including those older than the retention period and hence not collected into the Oracle Data Safe repository.

    5. From the Collect Audit Data From drop-down list, click the calendar widget, configure a start date, and then click Done.

      You can configure a date as far back as the total audit retention period (online period plus archive period) set for that database. Dates prior to the Audit Data Retention Period (under Settings) are not available. Oracle Data Safe collects audit records into its repository from the selected date and onward. The date you select here only affects the selected target database.

      A message is displayed at the bottom of the dialog box requesting that you compute and review the audit record count before you complete the registration.

    6. To display the number of additional audit records to be collected into the Oracle Data Safe repository, click Compute audit record count.

      If the total number of records for the month (number of records collected and records to be collected) exceeds one million, be aware that if you proceed, you will exceed your free monthly quota and incur charges (if you chose Paid Usage for the target database). If you did not choose Paid Usage for the target database, then you need to change the Collect Audit Data From date to stay within the one million free limit for the month.

    7. (Optional) To view pricing information for audit collection, click Pricing Details.
    8. Click Register.

      When registration is completed, the audit trail is listed in the table on the Audit Trails page and the message Successfully created the trail is displayed at the top of the page.

  16. Click Done.

    The Audit Trails page is displayed.

  17. View the Collection State column.

    When the audit trail is started, the collection state shows as STARTING. When the collector begins retrieving audit data from the target database, the state shows as COLLECTING. After collection is completed, the state shows as IDLE.

    Audit data collection happens periodically. During collection, the state alternates between COLLECTING and IDLE. If you manually stop the audit trail, the state becomes SUSPEND_IMMEDIATE_ISSUED. You can start the trail to resume normal operations.

    If after trying for some time the collector is not able to reach the target database (for example, if the network is down or if the Oracle Data Safe user account on the target database is changed), the collection state shows as SUSPENDED.

    If the monthly limits for audit data collection for the target database are reached and you are not electing to pay to collect audit data beyond the limit, the state shows as STOPPED. You can extend your limit on the Settings tab.
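
The retention window, monthly quota, and auto purge rules from steps 14 and 15 can be checked together before you choose a Collect Audit Data From date. The following Python is an added example, not part of Oracle Data Safe or its documentation; the function names, the sample figures, and the oldest_record_on_target input (which you would have to determine on the target database yourself) are assumptions.

```python
import calendar
from datetime import date

FREE_MONTHLY_QUOTA = 1_000_000  # free audit records per target per month (from the page)


def months_back(day: date, months: int) -> date:
    """Return the date `months` calendar months before `day`, clamping the day of month."""
    index = day.year * 12 + (day.month - 1) - months
    year, month = divmod(index, 12)
    month += 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(day.day, last_day))


def preflight(today, start, online_months, archive_months,
              collected, to_be_collected, paid_usage,
              auto_purge, oldest_record_on_target):
    """Check a planned 'Collect Audit Data From' date before starting a trail."""
    findings = []
    # Total retention = online period + archive period; earlier dates are not selectable.
    earliest = months_back(today, online_months + archive_months)
    if start < earliest:
        findings.append(f"start date {start} is before the retention window (earliest {earliest})")
    # Total column = To Be Collected + Collected for the current month.
    total = collected + to_be_collected
    if total > FREE_MONTHLY_QUOTA:
        over = total - FREE_MONTHLY_QUOTA
        if paid_usage:
            findings.append(f"{over} records over the free quota will be charged")
        else:
            findings.append(f"{over} records over the free quota: move the start date later")
    # Auto purge deletes all audit records on the target after collection,
    # including records that were never collected into the repository.
    if auto_purge and oldest_record_on_target < max(start, earliest):
        findings.append("auto purge will delete target records older than the "
                        "collection start without collecting them")
    return {"earliest_start": earliest, "total_records": total, "findings": findings}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real target database.
    report = preflight(date(2024, 5, 31), date(2023, 1, 15), 3, 12,
                       400_000, 750_000, False, True, date(2022, 11, 1))
    for finding in report["findings"]:
        print(finding)
```
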