Administering Oracle ASM audit trail
This document explains how to manage the audit trail records in Oracle ASM instances.
Oracle ASM audit records with Syslog
-
Oracle ASM audit trail records are redirected to the Syslog facility.
-
With this facility, the Oracle ASM audit trail records are written to /var/log/oraasmaudit.log file.
- Log rotation is configured for Oracle ASM audit trail records in /etc/logrotate.d/oraasmaudit configuration file. Audit logs are rotated once every four weeks and will be compressed after they are rotated.
Managing Oracle ASM audit records in Operating system audit trail
Operating system audit trail
Enabling Operating system audit trail
To disable syslog auditing and enable Operating system audit trail, set
AUDIT_SYSLOG_LEVEL
initialization parameter to
NULL
and AUDIT_TRAIL
initialization parameter to
‘OS’.
Purging Operating system audit trail files
Refer to the audcreatejob
, audsettimestamp
,
and audcleanaudittrail
ASMCMD commands for information about managing
Oracle ASM audit trails. See ASMCMD Audit Files Management
Commands.
Managing Oracle ASM audit records in Unified audit trail
Unified audit trail
- See Oracle Database Security Guide for more information about unified auditing.
- Unified audit trail records are available through
GV$UNIFIED_AUDIT_TRAIL
view for Oracle ASM RAC instances.
Enabling Unified audit trail
- See Oracle Database Security Guide for more details on enabling unified audit trail.
Purging Unified audit trail files
- See Oracle Database Security Guide for more information on purging audit trail files.
- ASMCMD Audit Files Management Commands provides detailed information about ASMCMD commands to manage Oracle ASM audit trail files.
Audit Trail Properties in Operating System and Unified Audit Trail
Table 3-3 Audit Trail Size and Age Properties
Property Name | Description |
---|---|
Audit file max size |
Audit file max size can have a minimum value of 1 KB and maximum value of 2000000 KB. The default value is 10000 KB. Oracle ASM instance will stop writing audit records to the audit files upon reaching the file max size limit. The files are renamed and a new file will be created for subsequent audit records. |
Audit file max age |
Audit file max age can have a minimum value of 1 day and maximum value of 497 days. The default value is 5 days. Oracle ASM instance will stop writing audit records to the audit files upon reaching the file max age limit. The files are renamed and a new file will be created for subsequent audit records. |
Audit purge job interval |
Audit purge job interval can have a minimum value of 1 hour and maximum value of 999 hours. |
Note:
Unified Auditing, when enabled in ASM instances, will mandatorily audit onlyCONNECT
and
SHUTDOWN
as opposed to auditing all the activities that are done in
the ASM instances in 19c. This is a behaviour change in 23ai. The
UNIFIED_AUDIT_SYSTEMLOG
init.ora
parameter [when set in ASM instances] will redirect the audit
records to syslog and will NOT write a copy of the full audit record to the OS
files.
See Also:
- ASMCMD Audit Files Management Commands for information about setting the properties
- Oracle Database PL/SQL Packages and Types Reference for more details about audit trail properties.