Forum Stats

  • 3,837,907 Users
  • 2,262,306 Discussions
  • 7,900,431 Comments

Discussions

question on unified auditing and the warning I got during 19c upgrade

user10207670
user10207670 Member Posts: 1 Red Ribbon
edited Aug 2, 2020 7:13PM in Database Upgrade

Hello all,

   I am in the process of upgrading Oracle 12.2 database to 19c, using DBUA.  The upgrade assistant gives the below warning.

Oracle Unified Audit records present in the OS spillover audit files must be loaded to the database audit table before database upgrade to ensure they can be read after upgrade. For more information, refer to "LOAD_UNIFIED_AUDIT_FILES Procedure" in Database PL/SQL Packages and Types Reference.

   But the puzzling part is, we never enabled unified auditing.   select * from v$option where PARAMETER = 'Unified Auditing';   -- is "FALSE"

   And our AUDIT_TRAIL is set to "DB"

   Any idea which unified audit records it is referring to...

thanks, Geeta

Answers

  • Wesley D-Oracle
    Wesley D-Oracle Posts: 193 Employee
    edited Aug 2, 2020 7:13PM

    When that query you ran shows FALSE, that means you are not using Pure Unified Auditing -- that is, Unified Auditing by itself.   FALSE means you are using Mixed-Mode Auditing -- which is a combination of Traditional Auditing (the auditing performed with AUDIT_TRAIL set to a value other than NONE) and Unified Auditing.

    In fact, there are default Unified Auditing policies that are enabled in Mixed Mode, even when you haven't moved to Pure Unified Auditing.

    This is explained in the following Note:

       The UNIFIED_AUDIT_TRAIL is Getting Populated even if Unified Auditing was not explicitly enabled in 12c (Doc ID 1624051.1)

    If you are curious, the origin of the *.bin files is discussed in:

       12c Unified Auditing Causes Many *.bin Files (Doc ID 2193721.1)

    I also recommend that you review the Oracle 12c/19c documentation concerning Mixed-Mode auditing, since this is currently in use on your end.

    Example:

    "Introduction to Auditing"
    https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/introduction-to-auditing.html

  • User_0I7XU
    User_0I7XU Member Posts: 1 Green Ribbon

    Hello Guys,

    could you please help here, getting audit spillover issue while ugrading the database from 12.2.0.1 to 19.0.0.0 in standard edition (SE2).

    even preupgrade fixup didn't fix the issue.


    Environment : Windows

    Database 12.2.0.1 -- Standard Edition SE2

    pre-upgrade check :

     RECOMMENDED ACTIONS

     ===================

     1. (AUTOFIXUP) Load the Unified Audit records from OS spillover audit files

       to database audit table using DBMS_AUDIT_MGMT.LOAD_UNIFIED_AUDIT_FILES

       api before upgrade.

       There are Unified Audit records present in the OS spillover audit files.

       Oracle Unified Audit records present in the OS spillover audit files must

       be loaded to the database audit table before database upgrade to ensure

       they can be read after upgrade. For more information, refer to

       "LOAD_UNIFIED_AUDIT_FILES Procedure" in Database PL/SQL Packages and

       Types Reference.


    pre-upgrade fixup script result:

    =======================

    Preup Action Number : 1

    Preupgrade Check Name : uniaud_records_in_file

    Preupgrade Issue Is Remedied : NO

    Further DBA Action :

    Unexpected failure. Manual fixu

    p required. FIXUP reports succe

    ss, but a RECHECK indicated the

    problem still exists.


    Actions Taken :

    ==========

    SQL> exec DBMS_AUDIT_MGMT.LOAD_UNIFIED_AUDIT_FILES;

    PL/SQL procedure successfully completed.

    --> Database bounced

    PARAMETER         VALUE             CON_ID

    ------------------------- ------------------------- ----------

    Unified Auditing     FALSE               0

    Still no use , not yet fixed

    i don't see any audit files at OS level.

    Could you please help in provide the fix.

  • User_LCSBL
    User_LCSBL Member Posts: 1 Green Ribbon

    I encountered similar issue while upgrading from 12.2.0.1 to 19c. The following doc helped.

    The UNIFIED_AUDIT_TRAIL is Getting Populated even if Unified Auditing was not explicitly enabled in 12c (Doc ID 1624051.1)

    1) Clean audit trail:

    exec DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL;


    BEGIN

      DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(

       AUDIT_TRAIL_TYPE     => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,

       USE_LAST_ARCH_TIMESTAMP  => FALSE,

       CONTAINER         => dbms_audit_mgmt.container_current);

    END;

    /


    2) Disable the Unified Audit policies causing this issue:


    NOAUDIT POLICY ORA_SECURECONFIG;

    NOAUDIT POLICYORA_LOGON_FAILURES;


    3) Rerun preupgrade.jar