15 Using Audit Analysis and Reporting

This chapter describes how to configure audit reporting and how to view audit reports.

This chapter contains these topics:

Note:

To determine whether you can use the reporting features described in this chapter, read Section 15.1 before proceeding.

15.1 About Audit Reporting

Two approaches to audit reporting are possible in Oracle Fusion Middleware Audit Framework. The approach you adopt is dictated by the audit model and component(s) in use at your site:

  • Dynamic Metadata Model

    This audit metadata model was introduced in 11g Release 1 (11.1.1.6.0). Oracle Fusion Middleware installations starting with 12c (12.1.2) automatically use this model.

    Section 15.2 explains how to create audit reports based on this model.

  • Report Template Model

    This earlier model is used by system components. In addition, when you upgrade, the audit framework continues to use the model.

15.2 Audit Reporting with the Dynamic Metadata Model

The ultimate goal of audit integration is to create reports of audit events stored in audit database tables. As described in Section 14.6.1, audit events are saved into the common attribute table iau_common, and the custom attribute tables iau_custom_nnn. The OPSS Common Audit Framework generates SQL scripts to create Oracle database views. Component reporting applications can use these views to query audit event data from audit database tables.

The following steps (some of which you have already accomplished) are required:

  • Integrate with the audit framework using dynamic or declarative registration (Section 23.2 through Section 23.4).

  • Configure audit policies so that the run-time audit service logs events to generate audit data (Section 23.5 and Section 23.6).

  • Configure the audit loader to ensure bus-stop files are migrated to the database (Section 14.2).

  • Use the createAuditDBView command to generate a SQL script of audit definitions ("Viewing Audit Definitions for your Component" in Section 13.5.3.2).

  • Log in to the database as the IAU schema user to create a view using the SQL script from the previous step.

  • Configure your reporting application to query the view.

Here is a sample output of createAuditDBView for component ApplicationAudit:

-- Audit View for Component
 
CREATE VIEW ApplicationAudit_AUDITVIEW AS
 
SELECT IAU_AUDITSERVICE.IAU_TRANSACTIONID AS AUDITSERVICE_TRANSACTIONID,
 
IAU_COMMON.IAU_COMPONENTTYPE AS ComponentType,
 
IAU_COMMON.IAU_MAJORVERSION AS MajorVersion,
 
IAU_COMMON.IAU_MINORVERSION AS MinorVersion,
 
IAU_COMMON.IAU_INSTANCEID AS InstanceId,
 
IAU_COMMON.IAU_HOSTID AS HostId,
 
IAU_COMMON.IAU_HOSTNWADDR AS HostNwaddr,
 
IAU_COMMON.IAU_MODULEID AS ModuleId,
 
IAU_COMMON.IAU_PROCESSID AS ProcessId,
 
IAU_COMMON.IAU_ORACLEHOME AS OracleHome,
 
IAU_COMMON.IAU_HOMEINSTANCE AS HomeInstance,
 
IAU_COMMON.IAU_ECID AS ECID,
 
IAU_COMMON.IAU_RID AS RID,
 
IAU_COMMON.IAU_CONTEXTFIELDS AS ContextFields,
 
IAU_COMMON.IAU_SESSIONID AS SessionId,
 
IAU_COMMON.IAU_TARGETCOMPONENTTYPE AS TargetComponentType,
 
IAU_COMMON.IAU_APPLICATIONNAME AS ApplicationName,
 
IAU_COMMON.IAU_EVENTTYPE AS EventType,
 
IAU_COMMON.IAU_EVENTCATEGORY AS EventCategory,
 
IAU_COMMON.IAU_EVENTSTATUS AS EventStatus,
 
IAU_COMMON.IAU_TSTZORIGINATING AS TstzOriginating,
 
IAU_COMMON.IAU_THREADID AS ThreadId,
 
IAU_COMMON.IAU_COMPONENTNAME AS ComponentName,
 
IAU_COMMON.IAU_INITIATOR AS Initiator,
 
IAU_COMMON.IAU_MESSAGETEXT AS MessageText,
 
IAU_COMMON.IAU_FAILURECODE AS FailureCode,
 
IAU_COMMON.IAU_REMOTEIP AS RemoteIP,
 
IAU_COMMON.IAU_TARGET AS Target,
 
IAU_COMMON.IAU_RESOURCE AS IAU_RESOURCE,
 
IAU_COMMON.IAU_ROLES AS Roles,
 
IAU_COMMON.IAU_DOMAINNAME AS DomainName,
 
IAU_COMMON.IAU_COMPONENTDATA AS ComponentData,
 
IAU_COMMON.IAU_AUDITUSER AS AuditUser,
 
IAU_COMMON.IAU_TENANTID AS TenantId,
 
IAU_COMMON.IAU_TRANSACTIONID AS TransactionId,
 
IAU_COMMON.IAU_USERTENANTID AS UserTenantId,
 
IAU_CUSTOM.IAU_INT_001 AS AccountNumber,
 
IAU_CUSTOM.IAU_DATETIME_001 AS Date,
 
IAU_CUSTOM.IAU_FLOAT_001 AS Amount,
 
IAU_CUSTOM.IAU_STRING_002 AS Status,
 
IAU_CUSTOM.IAU_FLOAT_002 AS Balance,
 
IAU_USERSESSION.IAU_AUTHENTICATIONMETHOD AS AuthenticationMethod
 
FROM IAU_AUDITSERVICE, IAU_COMMON, IAU_CUSTOM, IAU_USERSESSION WHERE IAU_COMMON.IAU_ID = IAU_AUDITSERVICE.IAU_ID AND IAU_COMMON.IAU_ID = IAU_CUSTOM.IAU_ID AND IAU_COMMON.IAU_ID = IAU_USERSESSION.IAU_ID AND IAU_COMMON.IAU_ComponentType = 'ApplicationAudit';

15.3 Audit Reporting with the Report Template Model

You can leverage Oracle Business Intelligence Publisher to generate reports from your application's audit data, utilizing the same reporting capabilities available to Oracle components.

See Oracle Business Intelligence Publisher documentation for details.