Amit -
Review this link:
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/introduction-to-auditing.html#GUID-E9DB31BB-E90C-4B22-B29D-F9A44B350F9B
D
On Fri, Jan 28, 2022 at 12:00 PM Beckstrom, Jeffrey <jbeckstrom@xxxxxxxxx>
wrote:
System was linked with installation defaults. Apparently, in 19c, unified
is on by default and overrides the database audit trail parameters since we
are seeing the statement level auditing in the unified view and not the OS
files.
*From:* Douglas Dunyan <dmdunyan@xxxxxxxxx>
*Sent:* Friday, January 28, 2022 1:40 PM
*To:* Beckstrom, Jeffrey <jbeckstrom@xxxxxxxxx>
*Cc:* Amit Grover <amitgrover27@xxxxxxxxx>; oracle-l@xxxxxxxxxxxxx
*Subject:* Re: [EXTERNAL]-RE: [EXTERNAL]-database audit trail and unified
audit trail
Greets -
I think I read the default configuration is Mixed Mode unified
auditing. For pure unified auditing, you have to relink oracle with
uniaud_on. Have you relinked yet ? Maybe that's your issue....
FWIW unified audit trail is a view, and you can only remove records
using the supplied packages. As far as unified audit goes, I am stumped,
trying to figure out a system that has 130,000+ records in the view, but
event_timestamp is null, so the package doesn't purge those rows...
HTH
D
On Fri, Jan 28, 2022 at 11:31 AM Beckstrom, Jeffrey <jbeckstrom@xxxxxxxxx>
wrote:
We have a logon trigger that turns on statement auditing for selected
sessions. Looks like those are now going to the unified audit table instead
of the os dest specified by the init.ora parameter. Does that make sense
since unified is on?
*From:* Amit Grover <amitgrover27@xxxxxxxxx>
*Sent:* Friday, January 28, 2022 1:17 PM
*To:* Beckstrom, Jeffrey <jbeckstrom@xxxxxxxxx>
*Subject:* Re: [EXTERNAL]-database audit trail and unified audit trail
Remove the default Unified audit policies or set up a job to clear the
unified audit trail, would be two options to go.
Also check the location of the unified audit, get it moved outside of
Sysaux and maybe change the table partition from default(monthly) to daily,
if you do want to use it, as a start.
Best Regards
Amit Grover
2065966629
On Fri, Jan 28, 2022 at 9:14 AM Beckstrom, Jeffrey <jbeckstrom@xxxxxxxxx>
wrote:
Prior to upgrading to 19c, we were generating a database audit trail.
With 19c, seems like unified audit trail is turned on.
Do we have to purge BOTH the database audit trail and the unified audit
trail. The database audit trail was going to OS files.
Jeffrey Beckstrom
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113
