Home » RDBMS Server » Security » too much audit file genration (HPUX: Version 11.2.0.2.0 )
too much audit file genration [message #535415] Wed, 14 December 2011 01:31 Go to next message
dba_7722
Messages: 197
Registered: August 2010
Location: Delhi
Senior Member

Hello Experts,

I can see we have too much file generation in audit path /opt/oracle/admin/infoddp/adump. When checking with the parameter i found, there is no trace enabled.

Can we check what parameter letting this file generation.

Thanks


SQL> show parameter audit

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /opt/oracle/admin/infoddp/adum
                                                 p
audit_sys_operations                 boolean     FALSE
audit_syslog_level                   string
audit_trail                          string      FALSE
SQL> show parameter trace

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
log_archive_trace                    integer     0
sec_protocol_error_trace_action      string      NONE
sql_trace                            boolean     FALSE
trace_enabled                        boolean     FALSE
tracefile_identifier                 string
SQL> select * from v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE    11.2.0.2.0      Production
TNS for HPUX: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
Re: too much audit file genration [message #535425 is a reply to message #535415] Wed, 14 December 2011 01:48 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
SYS connections are always audited.
Check the content of the files.

Regards
Michel
Re: too much audit file genration [message #535438 is a reply to message #535425] Wed, 14 December 2011 02:46 Go to previous messageGo to next message
dba_7722
Messages: 197
Registered: August 2010
Location: Delhi
Senior Member

Yes Michel, you are right.

Thanks. can we stop this, else we need to deploy a cronjob to clear this files..

thunder:/opt/oracle/admin/infoddp/adump>more infoddp_ora_10626_1.aud
Audit file /opt/oracle/admin/infoddp/adump/infoddp_ora_10626_1.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /u01/infoddp/product/11.2.0/db
System name:    HP-UX
Node name:      thunder
Release:        B.11.31
Version:        U
Machine:        ia64
Instance name: infoddp
Redo thread mounted by this instance: 1
Oracle process number: 47
Unix process pid: 10626, image: oracle@thunder (TNS V1-V3)

Mon Dec 12 22:05:00 2011 -06:00
LENGTH : '155'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'amddba'
CLIENT TERMINAL:[0] ''
STATUS:[1] '0'
DBID:[10] '3706193348'

thunder:/opt/oracle/admin/infoddp/adump>
Re: too much audit file genration [message #535446 is a reply to message #535438] Wed, 14 December 2011 03:13 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
I suppose you could set the AUDIT_FILE_DEST instrance parameter to /dev/null
Re: too much audit file genration [message #535450 is a reply to message #535446] Wed, 14 December 2011 03:18 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
I think it is better to add a cron job that will rm the file older than a few days.
Maybe some day you will need to know who was connected as SYS in the last few days.

Regards
Michel
Re: too much audit file genration [message #535452 is a reply to message #535450] Wed, 14 December 2011 03:31 Go to previous messageGo to next message
Roachcoach
Messages: 1576
Registered: May 2010
Location: UK
Senior Member
I can't recall which version, but I recall there was a bug where ALL connections were audited as if they were sys.

If you feel the generation is at odds with the volume of sys logons, its worth checking. (I don't think it was 11.2 though)
Re: too much audit file genration [message #535456 is a reply to message #535452] Wed, 14 December 2011 03:42 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Yes, if you use ASM, all pings were recorded as a SYS connection and led to many useless audit files.

Regards
Michel
Re: too much audit file genration [message #535464 is a reply to message #535456] Wed, 14 December 2011 04:18 Go to previous message
dba_7722
Messages: 197
Registered: August 2010
Location: Delhi
Senior Member

Adding to Roachcoach & Michel, this database is also using ASM.
Previous Topic: Tivoli Identity Manager - Oracle Authentication
Next Topic: User unable to login after password reset
Goto Forum:
  


Current Time: Thu Mar 28 09:23:57 CDT 2024