-
1. Re: Unified Auditing Documentation Confusion
Matthew Morris Feb 16, 2014 4:07 PM (in response to Matthew Morris)OK -- another statement a bit later that makes no sense. Under the section "How Database Creation Determines the Type of Auditing You Have Enabled" is the following:
"Unified auditing uses the $ORACLE_BASE/audit directory as the location for the new format operating system files. For newly created databases, mixed mode auditing is enabled by default through the predefined policy ORA_SECURECONFIG.
To start using mixed mode auditing, you must enable at least one unified audit policy, and to stop using it, disable all unified audit policies."
I'm pretty sure the underlined section should be 'unified auditing'.
-
2. Re: Unified Auditing Documentation Confusion
Pat Huey-Oracle Feb 17, 2014 5:20 PM (in response to Matthew Morris)Hi Matthew,
Apologies for these errors! Thanks for catching them. I've made the following corrections:
- Under "Benefits of the Unified Audit Trail," I changed the first sentence to say, "After unified auditing is enabled, it does not depend on the initialization parameters that were used in previous releases."
- Under "How Database Creation Determines the Type of Auditing You Have Enabled," I changed the second paragraph to say, "To start using unified auditing, you must enable at least one unified audit policy, and to stop using it, disable all unified audit policies."
These changes will appear the next time the book is refreshed on OTN.
Best,
Pat Huey
-
3. Re: Unified Auditing Documentation Confusion
Zoran Pavlovic Apr 2, 2014 8:08 PM (in response to Pat Huey-Oracle)"To start using unified auditing, you must enable at least one unified audit policy, and to stop using it, disable all unified audit policies."
This is not correct. There are two mods: Mixed mode and Unified mode. Unified mode is enabled as database option (by relinking Oracle). Mixed mode is enabled by enabling unified audit policy. In mixed mode, both old initialization parameters, and new configuration are active. In unified mode, old initialization parameters are inactive.
If you upgraded to Oracle Database 12c, then you should enable one of the predefined policies, or create a new one and enable it in order for mixed mode to work.
In newly created Oracle Database 12c, mixed mode is enabled by default. (ORA_SECURECONFIG is enabled by default).
So it should state: "To start using mixed mode auditing, if no polices are enabled, then you must enable at least one unified audit policy, and to stop using it, disable all unified audit policies."
-Zoran
-
4. Re: Unified Auditing Documentation Confusion
Maki Apr 2, 2014 8:19 PM (in response to Zoran Pavlovic)Hi,
I agree with Zoran.
This is also stated in http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/12c/r1/security/sec_uni_audit/sec_uni_audit.html?cid=6777&ssid=0
- " When a database is upgraded from a previous release, before you decide to switch to the unified auditing mode, you can use the mixed mode by creating a policy with CREATE AUDIT POLICY command and then enabling it with AUDIT command. If you do not wish to create a new policy, you can simply enable one of the predefined policies - ORA_SECURECONFIG or ORA_ACCOUNT_MGMT or ORA_DATABASE_PARAMETER. Either of this puts the database in mixed auditing mode. The old audit syntax continues to work and the old audit destinations continues to be written to.
- When a database is created, mixed auditing mode is used by default through the predefined enabled policy ORA_SECURECONFIG. But unified auditing mode is not yet enabled."
Kind regards,
Maja