Oracle parameter UNIFIED_AUDIT_SYSTEMLOG: official explanation, purpose, and configuration recommendations

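This site's explanation

The UNIFIED_AUDIT_SYSTEMLOG parameter controls whether the audit policy writes audit data to operating-system-level log files or to the custom Unified Audit Trail table (in the SYSAUX tablespace).

Correct settings:

1. First, to set the UNIFIED_AUDIT_SYSTEMLOG parameter correctly, the implementer needs a clear understanding of the Oracle database's audit requirements;

2. Set the UNIFIED_AUDIT_SYSTEMLOG parameter to TRUE to write audit data to operating-system-level log files;

3. Set the UNIFIED_AUDIT_SYSTEMLOG parameter to FALSE to write audit data to the custom Unified Audit Trail table;

4. When setting the UNIFIED_AUDIT_SYSTEMLOG parameter, if there are security requirements, it must be set to FALSE (to write to the Unified Audit Trail table);

5. If the Oracle database's audit requirements are not strict, the UNIFIED_AUDIT_SYSTEMLOG parameter can be set to TRUE (to write audit data to operating-system-level log files);

6. In addition, the UNIFIED_AUDIT_SYSTEMLOG parameter can also be set to NONE (unified auditing is not enabled).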

Official English explanation

UNIFIED_AUDIT_SYSTEMLOG specifies whether key fields of unified audit records will be written to the SYSLOG utility (on UNIX platforms) or to the Windows Event Viewer (on Windows). In a CDB, this parameter is a per-PDB static initialization parameter.

Property: Description

Parameter type: String for UNIX platforms, Boolean for Windows

Syntax:

On UNIX:

UNIFIED_AUDIT_SYSTEMLOG = 'facility_clause.priority_clause'

facility_clause::=

{ USER | LOCAL[ 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 ] }

priority_clause::=

{ NOTICE | INFO | DEBUG | WARNING | ERR | CRIT | ALERT | EMERG }

On Windows:

UNIFIED_AUDIT_SYSTEMLOG = { FALSE | TRUE }

Default value: No default on UNIX platforms; FALSE on Windows

Modifiable: No

Modifiable in a PDB: Yes

Basic: No

Oracle RAC: The same value must be used on all instances.

When this parameter is set on UNIX, key fields of unified audit records are written to SYSLOG. When this parameter is set on Windows, key fields of unified audit records are written to the Windows Event Viewer.

Do not set this parameter (or set it to FALSE on Windows) if you do not want key fields of unified audit records written to SYSLOG or the Windows Event Viewer.

When UNIFIED_AUDIT_SYSTEMLOG is enabled, the key fields of the unified audit records that are written to SYSLOG or Windows Event Viewer uniquely identify the detailed unified audit records in the UNIFIED_AUDIT_TRAIL view. Only a subset of the unified audit record fields are written to ensure that the audit record entries do not exceed the maximum allowed size for a SYSLOG entry (typically 1024 bytes).

This parameter differs from the UNIFIED_AUDIT_COMMON_SYSTEMLOG parameter in that it is set at the PDB level and enables the logging of unified audit records on a per-PDB basis, whereas UNIFIED_AUDIT_COMMON_SYSTEMLOG is set at the CDB level and enables all unified audit records from common unified audit policies to be consolidated into a single destination.
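An added example (not from Oracle's documentation or from this site): a Python check that validates candidate values against the syntax listed above and groups Oracle RAC instances by their setting, so an instance that is not copying audit key fields to SYSLOG stands out. The instance names and sample values are constructed; matching values case-insensitively and requiring a digit after LOCAL are assumptions.

```python
import re

# Values taken from the UNIX syntax listed above.
FACILITIES = {"USER"} | {f"LOCAL{n}" for n in range(8)}  # assumes the digit is required
PRIORITIES = {"NOTICE", "INFO", "DEBUG", "WARNING", "ERR", "CRIT", "ALERT", "EMERG"}


def parse_setting(value, platform="unix"):
    """Validate one UNIFIED_AUDIT_SYSTEMLOG value.

    Returns (facility, priority) on UNIX, a bool on Windows, and None when the
    parameter is unset on UNIX. Raises ValueError for anything else.
    """
    text = (value or "").strip().strip("'\"").upper()  # case-insensitivity is an assumption
    if platform == "windows":
        if text not in ("", "TRUE", "FALSE"):
            raise ValueError(f"Windows value must be TRUE or FALSE: {value!r}")
        return text == "TRUE"  # unset means the FALSE default
    if not text:
        return None  # no default on UNIX: nothing is copied to SYSLOG
    match = re.fullmatch(r"([A-Z0-9]+)\.([A-Z]+)", text)
    if not match or match[1] not in FACILITIES or match[2] not in PRIORITIES:
        raise ValueError(f"not a facility.priority pair: {value!r}")
    return match[1], match[2]


def syslog_selector(value):
    """syslog.conf-style selector matching records sent with this UNIX value."""
    parsed = parse_setting(value)
    return None if parsed is None else f"{parsed[0].lower()}.{parsed[1].lower()}"


def group_rac_instances(instance_values, platform="unix"):
    """Group RAC instances by parsed value; more than one group means drift."""
    groups = {}
    for instance, raw in sorted(instance_values.items()):
        groups.setdefault(parse_setting(raw, platform), []).append(instance)
    return groups


if __name__ == "__main__":
    # Constructed sample: values as they might be collected per instance.
    sample = {"orcl1": "LOCAL7.NOTICE", "orcl2": "'local7.notice'", "orcl3": None}
    for parsed, instances in group_rac_instances(sample).items():
        print(parsed, instances)
    print("selector:", syslog_selector("LOCAL7.NOTICE"))
```
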

See Also:

  • “UNIFIED_AUDIT_COMMON_SYSTEMLOG”

  • “UNIFIED_AUDIT_TRAIL”

  • Oracle Database Security Guide for a table that maps the names given to the unified audit records fields that are written to SYSLOG and the Windows Event Viewer to the corresponding column names in the UNIFIED_AUDIT_TRAIL view

