Oracle Database 12c – Auditing

I’ve been really interested to learn about some cool new features within Oracle Database auditing in 12c.

The feature which is new to 12c is called Unified Audit Data Trail and with it the new Extended Audit Information. This seeks to do two things –

1. Consolidate audit data from various different features into a single view. Prior to 12c we had SYS auditing, object auditing, Database Vault auditing etc all going to different places. Now we’re seeing all that go into a single view.

2. Make this single view extensible. The old Basic Audit Information format was very fixed in format which isn’t suitable when consolidating all of these features – we’ve got an extensible format now which can support new columns.

Two other really nice new features with the new auditing –

1. Audit data is now read only, even for SYS. This is great as it negates the need to store audit data outside the database just to protect against DBA interference.

2. New memory queue within the SGA so that audit writes are more efficient. Purged to disk every 3 seconds – yes you could potentially lose audit records if the instance crashes somewhere in that 3 seconds. This feature can be turned off if that really bothers you. The queue size within the SGA is configurable (by default 1MB).

With all this comes a new background process – GEN0 – to write the queue to disk every 3 seconds or so.

What I also like is that the Unified Audit Data feature is enabled by default for new 12c databases. Actually there are a couple of different modes the auditing can now run in –

Unified Auditing
Mixed Mode

Mixed mode is the default, and means that the old auditing methods and syntax still work. Unified auditing means the old auditing methods and syntax will no longer work, and this mode actually requires a relink in order to enable. I can see the benefits in switching to this at the earliest opportunity though (as far as tidying up distributed audit configuration and trails).

There is a lot that we can chose to audit – RMAN operations, Database Vault, Data Pump, SQL Loader, FGA etc. A very simple example to using it is something like this –

CREATE AUDIT POLICY MY_NEW_POLICY ACTIONS SELECT ON SCOTT.HR;
AUDIT POLICY MY_NEW_POLICY; –Enable

We could have set up auditing on Data Pump instead –

CREATE AUDIT POLICY MY_NEW_POLICY COMPONENT=DATAPUMP ALL;
AUDIT POLICY MY_NEW_POLICY;

I had a bit of a play with setting up table level auditing to automatically audit new tables (to be blogged separately).

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: