Oracle Linux 7 uses syslog to manage the audit files of Oracle ASM

Time:2020-6-29

If the audit file directory of an Oracle ASM instance is not maintained regularly, it will accumulate a large number of audit files. With that many audit files, the file system may run out of disk space or inodes, Oracle may run slowly because of file system scaling limits, and the Oracle ASM instance may hang at startup.

Using the Linux syslog facility to manage the audit records of Oracle ASM is a good solution. Instead of individual audit_dump_dest directories, the operating system's syslog facility is used to record the Oracle ASM audit records.

1. Set the audit_syslog_level and audit_sys_operations parameters on the Oracle ASM instance

 SQL> show parameter audit_sys_

 NAME                         TYPE           VALUE
 ---------------------------- -------------- ------------
 audit_sys_operations         boolean        TRUE
 audit_syslog_level           string
 SQL> alter system set AUDIT_SYSLOG_LEVEL='local0.info' scope=spfile sid='*';
 
 System altered.
 
 SQL>

Because the audit_sys_operations parameter defaults to TRUE, it is not set here.

2. Configure /etc/syslog.conf for Oracle ASM auditing. Configure the syslog configuration file /etc/rsyslog.conf for Oracle ASM auditing by making the following two changes:

a. Add the following line to /etc/rsyslog.conf:

local0.info /var/log/oracle_asm_audit.log

b. In /etc/rsyslog.conf, add local0.none to the /var/log/messages line. The modified line is as follows:

*.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages

# vi /etc/rsyslog.conf

 ... (omitted) ...
 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
 local0.info   /var/log/oracle_asm_audit.log
 *.info;mail.none;authpriv.none;cron.none;local0.none               /var/log/messages

3. Configure logrotate to manage the syslog log files. The Linux logrotate tool is used to manage the size and number of the syslog log files for Oracle ASM auditing. Create the file /etc/logrotate.d/oracle_asm_audit and add the following content to it:

/var/log/oracle_asm_audit.log {
  weekly
  rotate 4
  compress
  copytruncate
  delaycompress
  notifempty
}

4. Restart the Oracle ASM instance and rsyslog service

a. For these changes to take effect, the Oracle ASM instance and the rsyslog service must be restarted. You can run crsctl stop cluster -all and crsctl start cluster -all on any RAC node to restart the Oracle ASM instance. This operation will also shut down the database instance.

b. Run the systemctl restart rsyslog command to restart the rsyslog service.
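
The effect of changes a and b in step 2 can be checked offline before rsyslog is restarted. The following Python sketch is an added example, not part of the original article: it evaluates traditional facility.priority selectors (simplified, without the = and ! modifiers) against constructed rsyslog.conf excerpts and lists which files would receive local0.info records. The function names are illustrative.

```python
import re

# Severities from lowest to highest; "info" in a selector means info or higher.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def selector_matches(selector, facility, priority):
    """Evaluate a traditional selector such as '*.info;mail.none;local0.none'.
    Simplified: the '=' and '!' priority modifiers are not handled."""
    level = PRIORITIES.index(priority)
    matched = False
    for part in selector.split(";"):
        facilities, _, threshold = part.partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        if threshold == "none":
            matched = False                    # facility.none excludes the facility
        elif threshold == "*" or (threshold in PRIORITIES
                                  and level >= PRIORITIES.index(threshold)):
            matched = True
    return matched

def audit_targets(conf_text, facility="local0", priority="info"):
    """Return the actions (log files) that receive facility.priority messages."""
    targets = []
    for line in conf_text.splitlines():
        fields = line.strip().split(None, 1)
        # Skip blanks, comments, $-directives and anything that is not "selector action".
        if len(fields) != 2 or not re.match(r"[\w*,]+\.[\w*]+", fields[0]):
            continue
        if selector_matches(fields[0], facility, priority):
            targets.append(fields[1].strip().lstrip("-"))
    return targets

# Constructed excerpts of /etc/rsyslog.conf: change a only, then changes a and b.
STEP_A_ONLY = """\
# Log anything (except mail) of level info or higher.
local0.info   /var/log/oracle_asm_audit.log
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*    /var/log/secure
"""
STEP_A_AND_B = STEP_A_ONLY.replace("cron.none ", "cron.none;local0.none ")

if __name__ == "__main__":
    print("change a only  :", audit_targets(STEP_A_ONLY))
    print("changes a and b:", audit_targets(STEP_A_AND_B))
```

With only change a, the audit records are written to both files; local0.none is what keeps them out of /var/log/messages.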

Verification

Check the log output to confirm that the Oracle ASM audit records are being written to the /var/log/oracle_asm_audit.log file.

# tail -f /var/log/oracle_asm_audit.log
 May 9 07:02:33 node1 journal: Oracle Audit[1510]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:35 node1 journal: Oracle Audit[1561]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:35 node1 journal: Oracle Audit[1580]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:35 node1 journal: Oracle Audit[1586]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:37 node1 journal: Oracle Audit[1645]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:38 node1 journal: Oracle Audit[1649]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:47 node1 journal: Oracle Audit[1993]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:48 node1 journal: Oracle Audit[2035]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:49 node1 journal: Oracle Audit[2042]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
 May 9 07:02:55 node1 journal: Oracle Audit[2477]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
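
The records above use a length-prefixed field format, NAME:[n] 'value'. As an added example (not from the original article), this Python parser slices each value by its declared length and summarizes CONNECT records per client user, privilege and status. It assumes the lengths count characters, which holds for ASCII records like these; the first sample line is taken from the output above and the other three are constructed.

```python
import re
from collections import Counter

HEADER = re.compile(r"Oracle Audit\[(\d+)\]: LENGTH : '\d+' ")
FIELD = re.compile(r"([A-Z][A-Z ]*?) ?:\[(\d+)\] '")

def parse_audit_record(line):
    """Return the audit fields of one syslog line as a dict, or None if it is
    not an Oracle audit record. Values are sliced by their declared length,
    so quotes inside a value (SQL text) cannot end or forge a field."""
    line = line.rstrip()
    head = HEADER.search(line)
    if head is None:
        return None
    record, pos = {"PID": head.group(1)}, head.end()
    while pos < len(line):
        field = FIELD.match(line, pos)
        if field is None:
            raise ValueError(f"malformed field at offset {pos}")
        name, end = field.group(1), field.end() + int(field.group(2))
        if line[end:end + 1] != "'":
            raise ValueError(f"declared length of {name!r} does not fit")
        record[name] = line[field.end():end]
        pos = end + 2                      # skip closing quote and separator space
    return record

def connect_summary(lines):
    """Count CONNECT records per (client user, privilege, status)."""
    counts = Counter()
    for rec in filter(None, map(parse_audit_record, lines)):
        if rec.get("ACTION") == "CONNECT":
            counts[rec.get("CLIENT USER"), rec.get("PRIVILEGE"), rec.get("STATUS")] += 1
    return counts

SAMPLE = [
    # First line is from the article's output; the remaining three are constructed.
    "May 9 07:02:47 node1 journal: Oracle Audit[1993]: LENGTH : '241' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] '' SESSIONID:[10] '4294967295' USERHOST:[5] 'node1' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'",
    "May 9 07:03:10 node1 journal: Oracle Audit[2501]: LENGTH : '160' ACTION :[7] 'CONNECT' DATABASE USER:[3] 'sys' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/1' STATUS:[4] '1017' USERHOST:[5] 'node1'",
    "May 9 07:03:20 node1 journal: Oracle Audit[2510]: LENGTH : '150' ACTION :[20] 'select 'x' from dual' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' STATUS:[1] '0'",
    "May 9 07:03:21 node1 systemd: Started Session 12 of user grid.",
]

if __name__ == "__main__":
    for key, count in connect_summary(SAMPLE).items():
        print(count, key)
```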
