We are sending Oracle 12c audit logs to OS files but its generating huge amount of logs. How can we decrease generation of audit logs?
These are the audit log settings:
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /audit/auditlog/authentic/orac
leaudit.log
audit_sys_operations boolean TRUE
audit_syslog_level string LOCAL6.INFO
audit_trail string OS
unified_audit_sga_queue_size integer 1048576
We want audit logs at OS levels as per PCI-DSS. Please tell me how to view which audit logs are enabled so we can disable audit logs which are not required,
Following setting will cause all Audit logs to OS filesystem:
audit_trail string OS
Please set to following value, which will write most of the audit information in sys.aud$ table in database and only required OS audit logs will be created.
audit_trail = db, extended
On last note, please do clean up audit logs from OS filesystem & sys.aud$ table periodically.
Can you read the OS audit log file and see what are the contents logged?
And if you think it is not necessary, then issue a "noaudit" command on the corresponding privilege not to be logged:
Eg:
NOAUDIT CREATE SESSION ;
NOAUDIT CREATE SESSION BY HR;
NOAUDIT UPDATE ANY TABLE ;
NOAUDIT UPDATE ANY TABLE BY hr ;
For more details see:
http://satya-dba.blogspot.com/2009/05/auditing-in-oracle.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.