What Is Oracle Release 12c Unified Auditing?

In Oracle 12c, a new database auditing foundation has been introduced.  Oracle Unified Auditing changes the fundamental auditing functionality of the database.  In previous releases of Oracle, there were separate audit trails for each individual component.  Unified Auditing consolidates all auditing into a single repository and view.  This provides a two-fold simplification: audit data can now be found in a single location, and all audit data is in a single format.  Oracle 12c Unified Auditing supports –

• Standard database auditing
• SYS operations auditing (AUDIT_SYS_OPERATIONS)
• Fine Grained Audit (FGA)
• Data Pump
• Oracle RMAN
• Oracle Label Security (OLS)
• Database Vault (DV)
• Real Application Security (RAS)
• SQL*Loader Direct Load

Unified Auditing comes standard with Oracle Enterprise Edition; no additional license is required.  It is installed by default, but not fully enabled by default.  There are two modes of operation to allow for a transition from pre-12c auditing –

• Mixed Mode – default 12c option.  All pre-12c log and audit functionality and configurations work as before.  New Unified Auditing functionality is also available.  Log data is available in both the traditional locations as well as a new view SYS.UNIFIED_AUDIT_TRAIL.  Also, log data continues to be written in clear text when Syslog is used. 
• Full Mode or PURE mode – enabled only by stopping the database and relinking the Oracle kernel.  Once enabled, pre-12c log and audit configurations are ignored, and audit data is saved using the Oracle SecureFiles, which is a proprietary file format.  Because of this, Syslog is not supported.  All audit data can be found in the view SYS.UNIFIED_AUDIT_TRAIL.

Figure 1 – Auditing Pre-Oracle 12c

Figure 2 – Oracle 12c Unified Auditing – Mixed Mode

Figure 3 – Oracle 12c Unified Auditing – Pure Mode

Figure 4 – Oracle 12c Unified Audit

If you have questions, please contact us at mailto:info@integrigy.com

Reference

For more information on Unified Auditing can be found here:

• Integrigy Oracle 12c Unified Auditing Whitepaper Oracle 12c Unified Auditing
• 12c Unified Auditing, Oracle Database Security Guide 12c Release 1 (12.1) http://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG1023
• Predefined Unified Audit Policies, Oracle Database Security Guide 12c Release 1 (12.1) http://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG356