In my previous blog post, we covered Unified Auditing in full detail. With the release of Oracle 23ai, there's a significant shift in the way Oracle handles auditing. Building on the foundation laid by Unified Auditing introduced in Oracle 12c, Oracle 23ai marks a crucial milestone: the deprecation of traditional auditing in favor of a more streamlined, robust auditing mechanism. Here's an in-depth look at what this transition entails and how it impacts your database management.
The Evolution to Unified Auditing
Unified Auditing, which has been a cornerstone since Oracle 12c, is now the recommended and sole auditing method in Oracle 23ai. This modern approach consolidates all audit records into a single unified format, housed within a read-only table in the AUDSYS schema located in the SYSAUX tablespace. This centralized format is accessible through the UNIFIED_AUDIT_TRAIL data dictionary view, ensuring a cohesive and easily navigable audit trail across both multitenant and Oracle RAC environments.
Security and Access Controls
In Oracle 23ai, the AUDSYS schema is strictly protected—no direct logins are permitted. The AUD$UNIFIED table within this schema is designed exclusively for insert operations. Attempts to delete, update, or truncate records directly will fail and generate audit entries, thus maintaining the integrity and security of the audit logs.
Handling Audit Records in Different Modes
Audit records are written to the unified audit trail when the database operates in read-write mode. However, if the database is in read-only mode or closed, such as in an Active Data Guard environment, audit records are diverted to external operating system spillover .BIN files located in the $ORACLE_BASE/audit/$ORACLE_SID directory. Even in these cases, the audit data in .BIN files is integrated into the UNIFIED_AUDIT_TRAIL view.
Transitioning from Traditional Auditing
For those upgrading from previous Oracle versions, existing traditional audit settings will remain effective during the upgrade to 23ai. However, new traditional audit settings cannot be created, nor can existing settings be modified—only deletions are permitted. This emphasizes Oracle's commitment to transitioning fully to Unified Auditing.
Policy Management
For databases upgraded from Oracle 11g, it’s crucial to enable at least the ORA_SECURECONFIG and ORA_LOGIN_LOGOUT policies. Notably, from Oracle 12c onward, ORA_SECURECONFIG is enabled by default, and starting with 23ai, ORA_LOGIN_LOGOUT is also enabled by default, enhancing security and auditing capabilities out of the box.
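A post-upgrade check for the two policies named above and for the traditional audit settings that survived the upgrade. This is an added example, not code from the original post. It assumes a session with the AUDIT_ADMIN role, and the `NOAUDIT SESSION` line stands in for whichever legacy setting your own database reports.

```sql
-- Added example: post-upgrade audit posture check (run with AUDIT_ADMIN).

-- 1. Report whether each baseline policy is enabled for at least one entity.
SELECT p.policy_name,
       CASE WHEN e.policy_name IS NULL THEN 'NOT ENABLED'
            ELSE 'ENABLED' END AS status
FROM  (SELECT 'ORA_SECURECONFIG' AS policy_name FROM dual
       UNION ALL
       SELECT 'ORA_LOGIN_LOGOUT' FROM dual) p
LEFT JOIN (SELECT DISTINCT policy_name
           FROM   audit_unified_enabled_policies) e
       ON e.policy_name = p.policy_name
ORDER BY p.policy_name;

-- 2. Show how the enabled policies are scoped (users, success/failure).
SELECT policy_name, enabled_option, entity_name, success, failure
FROM   audit_unified_enabled_policies
ORDER  BY policy_name, entity_name;

-- 3. Enable any policy that step 1 reported as NOT ENABLED.
AUDIT POLICY ORA_SECURECONFIG;
AUDIT POLICY ORA_LOGIN_LOGOUT;

-- 4. List traditional audit settings carried over by the upgrade.
--    In 23ai these can only be removed, not changed or added to.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts;

SELECT user_name, privilege, success, failure
FROM   dba_priv_audit_opts;

-- 5. Remove a legacy setting once a unified policy covers it.
--    SESSION is a constructed example; use the options listed in step 4.
NOAUDIT SESSION;

-- 6. Review audited activity against the audit trail table itself.
--    Assumption: such records carry AUDSYS / AUD$UNIFIED as the object.
SELECT event_timestamp, dbusername, action_name, return_code
FROM   unified_audit_trail
WHERE  object_schema = 'AUDSYS'
AND    object_name   = 'AUD$UNIFIED'
ORDER  BY event_timestamp DESC;
```

In a multitenant database, run the queries in each container you care about, since each one keeps its own unified audit trail.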
Auditing in Multitenant Environments
In a multitenant setup, audit settings can be applied at both the Container Database (CDB) level and the individual Pluggable Database (PDB) level. Each PDB, including the root container, maintains its own unified audit trail, providing flexibility and granularity in audit management.
Conclusion
Oracle 23ai represents a significant advancement in database auditing with Unified Auditing now firmly at the core of Oracle's auditing strategy. By embracing these changes, you not only streamline your auditing processes but also enhance security and compliance across your database environments. As traditional auditing fades into history, Oracle 23ai sets a new standard for efficient and comprehensive audit management.