Hopefully someone can answer this for me. I'm running AV 10.3 on Solaris 10. Both of my source databases are on OEL 5 and are 188.8.131.52. I am currently writing the audit trail to the DB.
Will the collector (or some other piece) update the LAST_ARCHIVE_TS attribute on the source database?
I want to set up the purge job to only purge archived audit logs, but this attribute is not set on my source databases. From reading the documents it looks like something on the AV side should be calling DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP, but I don't see that happening.
Thanks for the help.
Edited by: jdfjsu99 on May 21, 2012 1:51 PM
I have. I understand how the package works. My question is related specifically to Audit Vault.
According to section 4.10.2 of the Audit Vault 10.3 Admin Guide:
"Oracle Audit Vault is integrated with the DBMS_AUDIT_MGMT package on a source database. This integration automates the purging of audit records from the AUD$ and FGA_LOG$ files, and from the operating system .aud and .xml files after they have been successfully inserted into the Audit Vault repository by the Audit Vault collector. After the purge is completed, the collectors automatically set a timestamp on audit data that has been collected. Therefore, you must set the USE_LAST_ARCH_TIMESTAMP property to true to ensure that the right set of audit records are purged."
To me that implies that the collector is running something similar to the following in the source database:
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP);
However when I run the following statement I get "no rows selected".
SELECT * FROM dba_audit_mgmt_last_arch_ts;
Can you pl. verify that the Audit Trail Is Initialized for Cleanup or not. You can use use following PL/SQL block to check that.
set serveroutput on
sys.dbms_output.put_line('aud$ is initialized for cleanup');
sys.dbms_output.put_line('aud$ is not initialized for cleanup.');