Administering Oracle ASM audit trail

This document explains how to manage the audit trail records in Oracle ASM instances.

Oracle ASM audit records with Syslog

• Oracle ASM audit trail records are redirected to the Syslog facility.

• With this facility, the Oracle ASM audit trail records are written to /var/log/oraasmaudit.log file.

• Log rotation is configured for Oracle ASM audit trail records in /etc/logrotate.d/oraasmaudit configuration file. Audit logs are rotated once every four weeks and will be compressed after they are rotated.

Managing Oracle ASM audit records in Operating system audit trail

Operating system audit trail

Enabling Operating system audit trail

To disable syslog auditing and enable Operating system audit trail, set AUDIT_SYSLOG_LEVEL initialization parameter to NULL and AUDIT_TRAIL initialization parameter to ‘OS’.

See Also:

• AUDIT_FILE_DEST initialization parameter

• AUDIT_TRAIL initialization parameter

Purging Operating system audit trail files

• See Oracle Database Security Guide for more information on purging audit trail files.

• ASMCMD Audit Files Management Commands provides detailed information about ASMCMD commands to manage Oracle ASM audit trail files.

  See Also:

  • audcreatejob ASMCMD command

  • audsettimestamp ASMCMD command

  • audcleanaudittrail ASMCMD command

Managing Oracle ASM audit records in Unified audit trail

Unified audit trail

• See Oracle Database Security Guide for more information about unified auditing.
• Unified audit trail records are available through
  • GV$UNIFIED_AUDIT_TRAIL view for Oracle ASM RAC instances.

Enabling Unified audit trail

• See Oracle Database Security Guide for more details on enabling unified audit trail.

Purging Unified audit trail files

• See Oracle Database Security Guide for more information on purging audit trail files.
• ASMCMD Audit Files Management Commands provides detailed information about ASMCMD commands to manage Oracle ASM audit trail files.

  See Also:

  • audcreatejob ASMCMD command

  • audsettimestamp ASMCMD command
  • audcleanaudittrail ASMCMD command

Audit Trail Properties in Operating System and Unified Audit Trail

Table 3-3 Audit Trail Size and Age Properties

Property Name	Description
Audit file max size	Audit file max size can have a minimum value of 1 KB and maximum value of 2000000 KB. The default value is 10000 KB. Oracle ASM instance will stop writing audit records to the audit files upon reaching the file max size limit. The files are renamed and a new file will be created for subsequent audit records. See ASMCMD Audit Files Management Commands to set the audit file max property.
Audit file max age	Audit file max age can have a minimum value of 1 day and maximum value of 497 days. The default value is 5 days. Oracle ASM instance will stop writing audit records to the audit files upon reaching the file max age limit. The files are renamed and a new file will be created for subsequent audit records. See ASMCMD Audit Files Management Commands to set the audit file max age.
Audit purge job interval	Audit purge job interval can have a minimum value of 1 hour and maximum value of 999 hours. See ASMCMD Audit Files Management Commands to set the audit purge job interval.

See Also:

• audclearproperty ASMCMD command
• Oracle Database PL/SQL Packages and Types Reference for more details about audit trail properties.