Oracle 参数 AUDIT_FILE_DEST 官方解释,作用,如何配置最优化建议
本站中文解释
(审计文件目的地)
AUDIT_FILE_DEST参数指定了数据库的审计文件的存储位置。当AUDIT_TRAIL参数设置为os时,审计文件会输出到该参数所指定的位置。
正确设置该参数的方法:
1. 确保在审计文件存储的位置有足够的磁盘空间,以便该目录可以存储审计日志,否则可能导致审计文件被覆盖。
2. 尽量使用Oracle推荐的存储审计日志的路径,即:$ORACLE_BASE/admin/$ORACLE_SID/adump。
3. Audith文件通常输出为.aud格式,可以使用AUDIT_SYS_OPERATIONS和AUDIT_SYS_ACTIONS参数来决定哪类审计操作写入审计文件。
4. 任何时候,应用的审计策略可能会改变,因此需要经常对审计文件目的地进行更新。
官方英文解释
AUDIT_FILE_DEST specifies the operating system directory into which the audit trail is written when the AUDIT_TRAIL initialization parameter is set to os, xml, or xml,extended.
| Property | Description |
|---|---|
|
Parameter type |
String |
|
Syntax |
|
|
Default value |
The first default value is:
The second default value, which is used if the first default value does not exist or is unusable, is:
Both of these default values are for UNIX systems. Other platforms may have different defaults. In a multitenant container database (CDB), both of these default values will be appended with the GUID of the pluggable database (PDB) to store audit records that belong to the PDB. For example, if the PDB’s GUID is ORACLE_BASE You can use the |
|
Modifiable |
|
|
Modifiable in a PDB |
No |
|
Basic |
No |
Note:
This parameter is effective when using traditional auditing. Traditional auditing is deprecated in Oracle Database 21c. Oracle recommends that you instead use unified auditing, which enables selective and more effective auditing inside Oracle Database.
-
See Oracle Database Security
Guide for more information about unified auditing. -
See Oracle Database Upgrade
Guide for more information about migrating to unified auditing.
In an Oracle database that has migrated to unified auditing, the setting of this parameter has no effect.
The audit records will be written in XML format if the AUDIT_TRAIL initialization parameter is set to xml or xml, extended. It is also the location to which mandatory auditing information is written and, if so specified by the AUDIT_SYS_OPERATIONS initialization parameter, audit records for user SYS.
In a multitenant container database (CDB), the scope of the settings for this initialization parameter is the CDB. Although the audit trail is provided per pluggable database (PDB) in a CDB, this initialization parameter cannot be configured for individual PDBs.
See Also:
-
Oracle Multitenant
Administrator’s Guide for conceptual information about CDBs and PDBs -
Oracle Multitenant
Administrator’s Guide for information about managing CDBs and PDBs -
“V$CONTAINERS”
-
“V$PDBS”
