From the course: Oracle Database 12c: Security
Configure audit parameters - Oracle Database Tutorial
From the course: Oracle Database 12c: Security
Configure audit parameters
- [Instructor] Auditing in the Oracle database is the process of monitoring and recording database actions that are performed by database users, both privileged and non privileged users. You can base your auditing on individual actions such as execution of specific sequel commands, or more complex combinations that includes actions executed by specific users, specific applications, and so on. The first step before we can enable and use auditing is to understand some of the parameters in the database that pertain to auditing. So let's open a connection to our root container using the sysdba user. So I'll type sqlplus sys/oracle as sysdba. Note that certain system level auditing parameters in Oracle 12c and it's multi tenant architecture are configured and controlled directly inside the root container itself, yet effect all plugable databases. So we need to connect to the root container in order to modify these parameters. The first parameter we'll talk about is the audit underscore trail parameter. Show parameter audit underscore trail. This parameter controls where the audit information is stored inside the database or outside the database. That is in a table or in an operating system file. As you can see, with a value of DB, short for database, in my environment the audit trail will be stored in a database table as we'll see later. I can also change it by typing alter system set audit trail equals os scope equals spfile, I can configure my database to store auditing information outside the database. I can also set it to alter system set audit trail equals db comma extended scope spfile, which will store the audit information inside the database, but in extended format which includes the actual sequel commands that are executed on database objects which we audit as well as the sequel buying variables. Note that this is a static parameter and any modifications done to it will require a restart. You can also configure this parameter to the xml, or xml comma extended values, which will instruct Oracle to store the audit information outside the database in xml files. Another important parameter we should discuss is the audit underscore sys underscore operations parameter. So I'll type show parameter audit sys operations. This parameter, which is enabled in my environment, controls if operations issued by users connecting as super users such as users with sysdba or sysoper privileges should be audited or not. These audit records are written into the operating system audit trail which we'll see later in our course. It's always good practice to keep this parameter enabled as it is. The audit file dest parameter, show parameter audit file dest configures the operating system directory used for the audit trail when the OS or XML options are specified and for sysdba and sysoper user auditing. So in my environment audit trails that are stored outside the database will be located in this directory. This can vary depending on the Oracle database you are connected to. We'll see which files are created in this directory later in our chapter. Auditing in the Oracle database can also be configured as unified. Using unified auditing in our database means that a unified audit trail is created and captures audit information from a variety of sources including the general actions we audit, but also fine grain auditing, which we'll talk about later, arman auditing, data pump auditing and so on. This unified audit trail resides in a table in the aud sys schema in our database and is queryable via the unified underscore audit underscore trail database view. For example, desc unified audit trail. We'll see unified auditing in action later in our course. You can check if your database has been configured exclusively for unified auditing by running the following query; select value from v$option where parameter equals unified auditing. As you can see, exclusive unified auditing isn't enabled in my database, and it's outside the scope of our course on how to enable it. If unified auditing hasn't been enabled, then mix mode auditing is used. This is the default and supports both pre Oracle 12c auditing such as standard auditing, we'll see that later, and the new audit capabilities.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.