Oracle 参数 UNIFIED_AUDIT_COMMON_SYSTEMLOG 官方解释,作用,如何配置最优化建议

本站中文解释

UNIFIED_AUDIT_COMMON_SYSTEMLOG 是unified audit 系统参数,用于指定数据库中统一审计日志活动记录向何处写入。

可以设置为SYSLOG、LOG_FILE、OWNER_LOG、LOCAL_SYSLOG,他们优先级分别为最高、次高、第三、最低。

设定unified audit 后,数据库将写入活动记录到系统日志文件(SYSLOG)、数据库日志(LOG_FILE)、数据库对象所有者自己的日志(OWNER_LOG)、或者局部系统日志(LOCAL_SYSLOG)。

正确设置方法:

1、确定目标:首先要确定unified audit 要写入哪些活动记录,分析活动记录的类型、审计的级别,以及日志的存储地。

2、配置unified audit:设置unified audit 系统参数,如UNIFIED_AUDIT_COMMON_SYSTEMLOG,确定unified audit 的服务对象,并调整系统参数值,以将日志定向存储到所需要的位置。

3、确定备份操作:如果unified audit 日志存储存耗资源较大时,可以采用备份操作,将日志分为几部分,以便减少存储空间的占用。

4、根据实际情况配置策略:针对每一个应用程序服务,可以设置审计对象活动记录和操作审计策略,确保审计活动记录被收集。

5、审核:定期对unified audit 审计活动记录进行审核,确保审计活动记录是满足安全审计要求的。

官方英文解释

UNIFIED_AUDIT_COMMON_SYSTEMLOG specifies whether key fields of unified audit records generated due to common audit policies will be written to the SYSLOG utility.

Note:

This initialization parameter is supported only on UNIX platforms.

Property Description

Parameter type

String

Syntax

UNIFIED_AUDIT_COMMON_SYSTEMLOG = 'facility_clause.priority_clause'

facility_clause::=

{ USER | LOCAL[ 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 ] }

priority_clause::=

{ NOTICE | INFO | DEBUG | WARNING | ERR | CRIT | ALERT | EMERG }

Default value

None

Modifiable

No

Modifiable in a PDB

No

Basic

No

Oracle RAC

The same value must be used on all instances.

When this parameter is set, key fields of unified audit records generated due to common audit policies are written to SYSLOG. These fields uniquely identify the detailed unified audit records in the UNIFIED_AUDIT_TRAIL view. Only a subset of unified audit record fields are written to ensure that the audit record entries do not exceed the maximum allowed size for a SYSLOG entry (typically 1024 bytes).

Do not set this parameter if you do not want key fields of unified audit records generated due to common audit policies written to SYSLOG.

This parameter differs from the UNIFIED_AUDIT_SYSTEMLOG parameter in that it is set at the CDB level and enables all unified audit records from common unified audit policies to be consolidated into a single destination, whereas UNIFIED_AUDIT_SYSTEMLOG is set at the PDB level and enables the logging of unified audit records on a per-PDB basis.

See Also:

  • “UNIFIED_AUDIT_SYSTEMLOG”

  • “UNIFIED_AUDIT_TRAIL”

  • Oracle Database Security
    Guide
    for a table that maps the names given to the unified audit records fields that are written to SYSLOG to the corresponding column names in the UNIFIED_AUDIT_TRAIL view


数据运维技术 » Oracle 参数 UNIFIED_AUDIT_COMMON_SYSTEMLOG 官方解释,作用,如何配置最优化建议