Oracle Rdbms 12c: Unified Auditing

In Oracle there were many types of auditing for example: Standard auditing, Fine Grained Auditing,
Privileged user access etc. You were required to enable or disable all of them individually and also each of
them had their own location and format.
Unified auditing is introduced to reduce all of these problems and also make the audit process more
advantageous. Starting from 12c you can now use Unified Auditing to keep track of all audit data in a single
audit trail.
The unified auditing trail can have auditing data from following audit sources.

  • Audit records (including SYS audit records) from unified audit policies and AUDIT
    settings
  • Fine-grained audit records from the DBMS_FGAPL/SQL package
  • Oracle Database Real Application Security audit records
  • Oracle Recovery Manager audit records
  • Oracle Database Vault audit records
  • Oracle Label Security audit records
  • Oracle Data Mining records
  • Oracle Data Pump
  • Oracle SQL*Loader Direct Load

In the SYSAUX tablespace are stored all the data and are made available in read-only through the
system view UNIFIED_AUDIT_TRAIL.
You can change the default location of auditing using the
DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_ LOCATION procedure.
The audit records are recorded in audit trail if the database is open in read write mode. If for some
reason the database is opened in read only mode then all the audit records are stored in a new
format at the operating system level. The location for audit records under such situations is
$ORACLE_BASE/audit/$ORACLE_SID.
Auditing is enabled by default in 12c, with the previous release you had to turn it on manually.
The default auditing mode is the mixed mode auditing. Mixed mode auditing allows you to use the
traditional auditing together with the new Unified auditing.
Benefits:

  • Once enabled, Unified auditing frees you from setting the different initialization parameters.
  • As there is only one audit trail, managing the auditing data is easier.
  • The actual audit process actually is simpler. Now you have only one audit trail and only one view to query
    for all types of audit records. The AUDIT_TYPE column shows the type of the audit record.
  • Often in older Oracle release writing audit records was cause of database performances.

But Unified auditing works in a Queued Write mode which means that all the records are initially recorded
in the SGA instead of the immediate write to disk.

  • The new auditing policies has a lot of flexibility. It allow you to fine grain an audit policy and also to point
    out exclusions and exceptions from that particular policy.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *