===== Unified Auditing =====
==== Check if Enabled ====
select VALUE from V$OPTION
where PARAMETER='Unified Auditing';
==== Enable ====
* Shutdown Database
* cd $ORACLE_HOME/rdbms/lib
* make -f ins_rdbms.mk uniaud_on ioracle
* set AUDIT_TRAIL = NONE, otherwise both auditing mechanisms will run concurrently
* Start Database
==== Configuration ====
Records are written to the SGA queues and then periodically written to tables in the AUDSYS schema.\\
If it is required that the audit details are immediately written to the tables then ...
BEGIN
DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY (
DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
DBMS_AUDIT_MGMT.AUDIT_TRAIL_WRITE_MODE,
DBMS_AUDIT_MGMT.AUDIT_TRAIL_IMMEDIATE_WRITE);
END;
When the database is in READ ONLY mode then audit records are written to $ORACLE_BASE/audit/$ORACLE_SID\\
These files can then be later loaded into the database by ...
BEGIN
DBMS_AUDIT_MGMT.LOAD_UNIFIED_AUDIT_FILES;
END;
==== Create Unified Audit Policy ====
Create and enable an audit policy which will audit the creation of tables and sequences by user IAN.
CREATE AUDIT POLICY ian_audit_policy
PRIVILEGES CREATE TABLE, CREATE SEQUENCE
WHEN 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''IAN'''
EVALUATE PER SESSION
CONTAINER = CURRENT;
AUDIT POLICY ian_audit_policy;
==== Predefined Audit Policies ====
* ORA_SECURECONFIG (Enabled by default)
* ORA_DATABASE_PARAMETER
* ORA_ACCOUNT_MGMT