What is Oracle 12c Unified Auditing

What Is Oracle 12c Unified Auditing?

In unified auditing, the unified audit trail captures audit information from a variety of sources. Unified auditing enables you to capture audit records from the following sources:
•    Audit records (including SYS audit records) from unified audit policies and AUDIT settings 
•    Fine-grained audit records from the DBMS_FGA PL/SQL package 
•    Oracle Database Real Application Security audit records
•    Oracle Recovery Manager audit records
•    Oracle Database Vault audit records
•    Oracle Label Security audit records
•    Oracle Data Mining records
•    Oracle Data Pump
•    Oracle SQL*Loader Direct Load

The unified audit trail, which resides in a read-only table in the AUDSYS schema in the SYSAUX tablespace, makes this information available in a uniform format in the UNIFIED_AUDIT_TRAIL data dictionary view, and is available in both single-instance and Oracle Database Real Application Clusters environments. In addition to the user SYS, users who have been granted the AUDIT_ADMIN and AUDIT_VIEWER roles can query these views. If your users only need to query the views but not create audit policies, then grant them the AUDIT_VIEWER role. 

When the database is writeable, audit records are written to the unified audit trail. If the database is not writable, then audit records are written to new format operating system files in the $ORACLE_BASE/audit/$ORACLE_SID directory. 

Unified Auditing – Is it ON or OFF

Unified Auditing is not linked into the Oracle 12c kernel by default to offer people the choice to use it and to avoid conflicts in case somebody has auditing ON already – so neither during an upgrade nor with a fresh 12c database you’ll see it included into the kernel. It will have to be linked in manually.

-    Check if Unified Auditing is present in your environment

SQL> select value from v$option where parameter = 'Unified Auditing';
VALUE
----------------------------------------------------------------
FALSE
SQL>

-	If you’ll want to link it into the kernel


[oracle@machine01 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@machine01 lib]$ make -f ins_rdbms.mk uniaud_on ioracle

 

  • Check again status of Unified Auditing
  • SQL> select value from v$option where parameter = 'Unified Auditing';
VALUE
----------------------------------------------------------------
TRUE
SQL>

     

Share you comments

{{ errorMessage }}