3 Replies Latest reply: Feb 1, 2013 10:38 AM by Le�ncio-Oracle RSS

    Anyone using OAM 11g auditting?

    Jeremy Waters
      I've setup auditing in OAM, but I'm finding that I can only choose from 3 audit filter presets rather than actually selecting which events I'm interested in auditing. At this point, I'm interested in auditing user login/logout events. The only way I get that is by selecting the "All" preset, at which point I get flooded by a fire hose of other unwanted events. The volume is so high (even in my dev environment) that there is no way I could implement this in prod. This renders the oam audit functionality useless for me (as it seems to be implemented now).

      Is there really no way to get granular control over what OAM events are auditted?

      This seems well implemented in em, where I can pick events, but the documentation says (and I have confirmed) that OAM ignores this em audit configuration and only uses the much more coarse settings from oamconsole (system config > common settings > audit config). Why is is implemented this way? we seem to have superior functionality available in em which is defeated by oam... The 12.1.2 docs indicate nothing has change in R2.

      Oracle's documentation says:

      Note: You control the amount and type of information that is logged
      by choosing a filter preset from the Audit Configuration section.
      Auditable events for each filter preset are fixed in the read-only
      component_events.xml file. Editing or customizing this file is not

      I've tinkered with component_events.xml, despite the warning, and have so far not been successful in adding events to the "low" filter.

      Any insights? Or alternatives?
        • 1. Re: Anyone using OAM 11g auditting?
          Jeremy Waters
          In case this ends up being usefull to anyone... I've managed to alter component_events.xml as follows, adding user authentication to the "low" preset. As stated in the munual, this isn't documented functionality and is not supported... so do with it as you will. I'm excluding events for user "anonymous" otherwise you get flooded with useless data.

          <FilterPresetDefinition name="Low">ConsoleLogin,PolicyCreation,PolicyModification,PolicyDeletion,ResourceCreation,ResourceModification,ResourceDeletion,SchemeCreation,
          ResourceTemplateDeletion,GenericAdminOperation,ServerStartup,ServerShutDown,Authentication(Initiator -ne &quot;Anonymous&quot; )</FilterPresetDefinition>

          Edited by: Jeremy Waters on Jan 30, 2013 8:27 AM
          • 2. Re: Anyone using OAM 11g auditting?
            Hi Jeremy,

            THANKS for posting that info! I was wondering: How did you figure out the syntax, etc. for what you had to modify in the XML file? Is that format/syntax documented somewhere (undertood that it's not supported)?

            In your case, are you sending the audit output to the filesystem or to a database? If the former, what is the location for the audit log file? On one of my test systems, I have a file, audit.log, at:


            Is that the location for the file-based audit output?

            Sorry for all the questions, but I'm trying to get this working myself, so your thread/post was very timely and helpful!

            • 3. Re: Anyone using OAM 11g auditting?
              Hey Jim,

              Check this : http://thiagoleoncio.blogspot.com/2013/01/steps-to-enable-audit-log-inoam.html

              And let me know if it helps and if it is what you are looking for.

              I hope it helps you,
              Thiago Leoncio.