1.343 UNIFIED_AUDIT_SYSTEMLOG

UNIFIED_AUDIT_SYSTEMLOG specifies whether a piece of unified audit records will be written to the SYSLOG utility (on UNIX platforms) or to the Windows Event Viewer (on Windows). In a CDB, this parameter is a per-PDB static initialization parameter.

Property Description

Parameter type

String for UNIX platforms, Boolean for Windows

Syntax

On UNIX:

UNIFIED_AUDIT_SYSTEMLOG = ‘facility_clause.priority_clause’

On Windows:

UNIFIED_AUDIT_SYSTEMLOG = { FALSE | TRUE }

Syntax

facility_clause::=

{ USER | LOCAL[0 | 1 | 2 | 3 | 4 | 5 | 6 | 7] }

Syntax

priority_clause::=

{NOTICE | INFO | DEBUG | WARNING | ERR | CRIT | ALERT | EMERG }

Default value

No default on UNIX platforms

FALSE on Windows

Modifiable

No

Modifiable in a PDB

Yes

Basic

No

Oracle RAC

The same value must be used on all instances.

When this parameter is set on UNIX, key fields of unified audit records are written to SYSLOG. When this parameter is set on Windows, key fields of unified audit records are written to the Windows Event Viewer.

Do not set this parameter (or set it to FALSE on Windows) if you do not want key fields of unified audit records written to SYSLOG or the Windows Event Viewer.

When UNIFIED_AUDIT_SYSTEMLOG is enabled, the key fields of the unified audit records that are written uniquely identify the detailed unified audit records in the UNIFIED_AUDIT_TRAIL view. Only a subset of the unified audit record fields are written so that audit record entries do not exceed the maximum allowed size for a SYSLOG entry (typically 1024 bytes).

Note:

This parameter is available starting with Oracle Database release 18c, version 18.1.

See Also:

  • "UNIFIED_AUDIT_TRAIL"

  • Oracle Database Security Guide for a table that maps the names given to the unified audit records fields that are written to SYSLOG and the Windows Event Viewer to the corresponding column names in the UNIFIED_AUDIT_TRAIL view