7 Replies Latest reply on Nov 21, 2012 6:00 PM by jgarry

    Oracle Auditing

      Running Oracle Database 11g on Solaris platform. We have turned on auditing as our application requires PCI compliance. We are using Oracle grid to monitor databases. Whenever we access OEM to troubleshoot some errors, an entry is getting logged in the OS Audit file location. It really generates a huge file. We do not want to log an entry for each OEM access. Is it possible to turn off auditing on grid access only?

      Thanks in advance.
        • 1. Re: Oracle Auditing
          Are you accessing as sysdba?

          Also see http://psoug.org/reference/auditing.html
          • 2. Re: Oracle Auditing
            Audit files are created every time you log in as user SYS. They are located in $ORACLE_HOME/rdbms/audit.

            You can clean out old files without problem if necessary. For instance, using a cron entry as user Oracle that deletes audit files older than 1 month:

            30 0 * * * find /u01/app/grid/11.2.0/grid/rdbms/audit -maxdepth 1 -name '*.aud' -mtime +30 -delete >/dev/null 2>&1
            1 person found this helpful
            • 3. Re: Oracle Auditing
              No, I connect as myself.
              • 4. Re: Oracle Auditing
                Thank you. Your suggestion is useful, but is there a way to stop it from creating? I am looking for some disable option on the Grid Control.
                • 5. Re: Oracle Auditing
                  Please show us one of the aud files. Perhaps your sysman login (or whatever your version uses) is sysdba, rather than you.
                  • 6. Re: Oracle Auditing
                    I have trimmed the query in the middle. I did not run the query; I am sure it is from OEM.
                    $more xims_ora_25539_1.aud
                    Audit file /oracle/app/oracle/audit/xims_ora_25539_1.aud
                    Oracle Database 11g Enterprise Edition Release - 64bit Production
                    With the Partitioning, OLAP, Data Mining and Real Application Testing options
                    ORACLE_HOME = /oracle/app/oracle/product/
                    System name:    SunOS
                    Node name:      jpmcqa98
                    Release:        5.10
                    Version:        Generic_99999
                    Machine:        sun4u
                    Instance name: xims
                    Redo thread mounted by this instance: 1
                    Oracle process number: 610
                    Unix process pid: 25539, image: oracle@jpmcqa98
                    Tue Nov 20 15:24:01 2012 -05:00
                    LENGTH : '8052'
                    ACTION :[7889] 'SELECT event, wait_class, dim_percentage, dim_act_sessions FROM   (SELECT event, wait_class ,....<<<<TRIMMED FOR BREVITY>>>(:ash_module IS NULL          OR module like :ash_module)   AND   (:ash_action IS NULL          OR action like :ash_action)   AND   (:ash_client_i
                    d IS NULL          OR client_id like :ash_client_id)   AND   (:ash_plsql_entry IS NULL          OR ( (unified_ash.dbid,                unified_ash.plsql_entry_object_id
                    ,                unified_ash.plsql_entry_subprogram_id) IN                (select d.dbid, object_id, subprogram_id from ( select object_id, subprogram_id, object_type,
                    owner,          object_name, procedure_name, overload   from dba_procedures )  plsname1,                 v$database d                where dbms_ash_internal.format_plsq
                    l(plsname1.owner,                                         plsname1.object_name,                                         plsname1.object_type,
                                  plsname1.procedure_name,                                         plsname1.overload)                      like :ash_plsql_entry) ) )  ) a         WHERE   1
                     = 1            and session_type = 'FOREGROUND'          GROUP BY event, wait_class ) ash       WHERE  ash.dim_percentage >= 1   AND  ash.dim_rank <= 5    ORDER  BY ash
                    DATABASE USER:[8] 'klyde'
                    PRIVILEGE :[4] 'NONE'
                    CLIENT USER:[8] 'NET8/klyde'
                    CLIENT TERMINAL:[5] 'pts/3'
                    STATUS:[1] '0'
                    DBID:[10] '1016814029' 
                    Edited by: dbmechanic on Nov 20, 2012 6:05 PM
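Added example, not part of any post in this thread: a small parser for the record layout shown in the audit file above. It tallies records by database user, privilege and client user, so you can see which logins produce the volume and whether any of them connect as SYSDBA. The names `parse_records`, `summarize` and `SAMPLE` are made up for this example, and the layout is assumed from the posted file only.

```python
import re
from collections import Counter

# Record-opening timestamp line, e.g. "Tue Nov 20 15:24:01 2012 -05:00".
STAMP = re.compile(r"^[ \t]*\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} [+-]\d\d:\d\d[ \t]*$", re.M)
# Field header such as "DATABASE USER:[8] '" or "ACTION :[7889] '".
FIELD = re.compile(r"^[ \t]*([A-Z][A-Z ]*?)[ \t]*:[ \t]*\[\d+\][ \t]*'", re.M)

def parse_records(text):
    """Return one dict per audit record in the text of an .aud file."""
    stamps = list(STAMP.finditer(text))
    records = []
    for i, s in enumerate(stamps):
        end = stamps[i + 1].start() if i + 1 < len(stamps) else len(text)
        body = text[s.end():end]
        rec = {"TIME": s.group().strip()}
        fields = list(FIELD.finditer(body))
        for j, f in enumerate(fields):
            stop = fields[j + 1].start() if j + 1 < len(fields) else len(body)
            # A value runs to the next field header, so a wrapped or truncated
            # ACTION (no closing quote) is still captured whole.
            value = re.sub(r"'?\s*\Z", "", body[f.end():stop])
            rec[f.group(1)] = " ".join(value.split())  # collapse line wraps
        records.append(rec)
    return records

def summarize(records):
    # Count records per (database user, privilege, client user).
    return Counter((r.get("DATABASE USER"), r.get("PRIVILEGE"), r.get("CLIENT USER")) for r in records)

# Constructed sample in the layout of the posted file (not real audit data).
SAMPLE = """\
Audit file /constructed/demo_ora_1.aud
Tue Nov 20 15:24:01 2012 -05:00
LENGTH : '210'
ACTION :[80] 'SELECT event FROM t WHERE session_type = 'FOREGROUND'
 GROUP BY event
DATABASE USER:[5] 'klyde'
PRIVILEGE :[4] 'NONE'
CLIENT USER:[10] 'NET8/klyde'
Tue Nov 20 15:25:10 2012 -05:00
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
"""

if __name__ == "__main__":
    for key, n in summarize(parse_records(SAMPLE)).most_common():
        print(n, key)
```

Values are split on field headers and not on the bracketed length, because the lengths in a redacted file no longer match the text.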
                    • 7. Re: Oracle Auditing
                      Hmmm, I'm not up on ASH security, but the user must have something granted to see it (or maybe ASH does something to public). I'd say ask support if it is a bug, maybe someone more up on that stuff can help. Perhaps the em forum could help more. Did you say you have enterprise edition with the diagnostic license?