Oracle Database

Using Standard Auditing to Monitor General Activities

■ The number of audit options turned on

■ The frequency of execution of audited statements

To control the growth of the audit trail, you can use the following methods:

■ Enable and disable database auditing. If it is enabled, then audit records are generated and stored in the audit trail. If it is disabled, then audit records are not generated.

■ Be selective about the audit options that are turned on. If more selective auditing is performed, then useless or unnecessary audit information is not generated and stored in the audit trail.

■ Tightly control the ability to perform object auditing. This can be accomplished in two ways:

  – A security administrator owns all objects and never grants the AUDIT ANY system privilege to any other user. Alternatively, all schema objects can belong to a schema for which the corresponding user does not have CREATE SESSION privilege.

  – All objects are contained in schemas that do not correspond to real database users (that is, the CREATE SESSION privilege is not granted to the corresponding user). The security administrator is the only user granted the AUDIT ANY system privilege.

In both scenarios, a security administrator entirely controls object auditing.

The maximum size of the database audit trail (SYS.AUD$ table) is determined by the default storage parameters of the SYSTEM tablespace, in which it is stored.

See Also: Operating system-specific Oracle Database documentation for more information about managing the operating system audit trail when directing audit records to that location

Archiving Standard Audit Trail Information

If you need to archive audit trail information for historical purposes, then you can copy the relevant records to a typical database table (for example, using INSERT INTO table SELECT ... FROM SYS.AUD$ ...), or export the audit trail table to an operating system file. "Archiving the Standard and Fine-Grained Audit Trails" on page 6-47 explains how to use Oracle Data Pump Export to export the SYS.AUD$ table to an operating system file.

Purging the Standard Audit Trail

After auditing is enabled for some time, you should periodically purge (delete) records from the database audit trail both to free audit trail space and to facilitate audit trail management. For example, to delete all audit records from the audit trail, enter the following statement:

    DELETE FROM SYS.AUD$;

Alternatively, to delete all audit records from the audit trail generated as a result of auditing the table emp, enter the following statement:

    DELETE FROM SYS.AUD$ WHERE obj$name='EMP';

Note: Oracle Database audits all deletions from the audit trail, without exception. See "Auditing the Standard Audit Trail" on page 6-19 and "Auditing Administrative Users" on page 6-33.
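
The archive and purge steps described above can be combined so that no record is deleted unless it was first copied. The following is an added example, not taken from the Oracle guide: the archive table audit_admin.aud_archive and the 90-day retention window are hypothetical, and it assumes SYS.AUD$ has the NTIMESTAMP# column (stored in UTC), as in Oracle Database 10g and later.

```sql
-- Added example. audit_admin.aud_archive and the 90-day window are
-- hypothetical; NTIMESTAMP# (UTC) is assumed to exist in SYS.AUD$.
-- Run as a user permitted to select and delete from SYS.AUD$.

-- One-time setup: an empty table with the same columns as SYS.AUD$,
-- created outside the SYSTEM tablespace so archives do not fill it.
CREATE TABLE audit_admin.aud_archive AS
  SELECT * FROM SYS.AUD$ WHERE 1 = 0;

DECLARE
  -- Fix the cutoff once so the copy and the delete cover the same rows,
  -- even if new audit records arrive while the block is running.
  v_cutoff   TIMESTAMP := SYS_EXTRACT_UTC(SYSTIMESTAMP) - INTERVAL '90' DAY;
  v_archived PLS_INTEGER;
  v_deleted  PLS_INTEGER;
BEGIN
  -- Step 1: copy the records that are about to be purged.
  INSERT INTO audit_admin.aud_archive
    SELECT * FROM SYS.AUD$ WHERE ntimestamp# < v_cutoff;
  v_archived := SQL%ROWCOUNT;

  -- Step 2: purge exactly the same range from the audit trail.
  DELETE FROM SYS.AUD$ WHERE ntimestamp# < v_cutoff;
  v_deleted := SQL%ROWCOUNT;

  -- Step 3: refuse to commit if the two row counts disagree.
  IF v_deleted <> v_archived THEN
    ROLLBACK;
    RAISE_APPLICATION_ERROR(-20001,
      'Archived ' || v_archived || ' rows but deleted ' || v_deleted ||
      '; audit trail left unchanged.');
  END IF;

  COMMIT;
END;
/
```

Because deletions from the audit trail are themselves audited, each run of this block leaves its own record, which can be reconciled against the purge schedule.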

6-18

Oracle Database Security Guide

