Table of Contents Previous Next

8 Audit Manager : 8.3 Configuring Audit Logging with the Audit Manager

To open the Audit Manager, select Audit Manager… from the Management menu. The Audit Manager Welcome dialog opens as shown in Figure 8.3.
Screen shot 2013-09-19 at 11
Click Next to continue.
Screen shot 2013-09-19 at 11
The Auditing Parameters Configuration dialog lets you enable or disable auditing and choose how often log records are collected into PEM (see Figure 8.5).
Screen shot 2013-09-19 at 11
Use the fields on the Auditing Parameters Configuration dialog to specify auditing preferences:
Use the Auditing Status radio buttons to Enable or Disable auditing.
Check the Enable Log Collection checkbox to instruct PEM to periodically gather the log records so you can later view them in the Audit Log dashboard. When enabled, the PEM agent will parse the audit logs, and store the result in the pemdata.audit_logs table on the PEM server.
Use the Collection Frequency drop-down list to specify how often PEM should collect the log records.
Use the Log Format radio buttons to specify the raw log format that will be written on each server. When Enable Log Collection is checked, PEM will use CSV format.
Use the Audit Directory Name field to specify a directory name to which the audit logs will be written. The directory will reside beneath the data directory on the PEM server.
Use the Audit File Name to specify a format for the log file name. By default, the format is audit-%Y-%m-%d_%H%M%S, where:
audit is the file name specified in the Audit Directory Name field
Y is the year that the log was stored
m is the month that the log was stored
d is the day that the log was stored
H is the hour that the log was stored
M is the minute that the log was stored
S is the second that the log was stored
Click Next to continue to the Audit Log Configuration dialog (see Figure 8.6).
Screen shot 2013-09-19 at 11
Use the Audit Log Configuration dialog to determine the types of activities to be logged during auditing:
Specify All to log all connection attempts, Failed to log only failed connection attempts, or None for no connection logging of Log Connection Attempts.
Specify All to log all disconnection attempts or None for no disconnection logging of Log Disconnection Attempts.
Check the Log Select Statements checkbox if you want to log SELECT statements.
Check the Log Error Statements checkbox if you want to log SQL statements that result in an error.
Check the Log DML Statements checkbox if you want to log data manipulation language SQL statements such as INSERT, UPDATE, and DELETE.
Check the Log DDL Statements checkbox if you want to log data definition language SQL statements such as CREATE, DROP, and ALTER.
Click Next to continue to the Auditing Parameters Log Rotation dialog (see Figure 8.7).
Screen shot 2013-09-19 at 11
Use the Auditing Parameters Log Rotation dialog to set factors controlling audit log file rotation.
Check the Enable Log Rotation checkbox if you want the log file to be periodically rotated. If the log file is not rotated, a single file is used, which may grow to an unmanageably large size over time. Thus, it is suggested to enable log rotation.
Use the Rotation Day drop-down list to specify the day of the week on which the log file should be rotated. Select Everyday if you want log rotation to occur on every day of the week. Select None if you do not want the log rotation criteria based on the day of the week. Otherwise, choose the desired day of the week for log rotation from the drop-down list.
Use the Rotation Size field if you want to base the rotation criteria on the size of the log file. Specify the size in megabytes for when the log file should be rotated upon reaching the given file size.
Use the Rotation Time field if you want to base the rotation criteria on time between rotations. Specify the number of seconds after which each rotation should occur.
Click Next to continue to the Schedule Auditing Changes dialog (see Figure 8.8).
Screen shot 2013-09-19 at 11
Use the Schedule Auditing Changes dialog to determine when auditing configuration changes are to take effect.
Select Configure Auditing Now if you want the auditing configuration changes to take place immediately. The affected database servers will be restarted so the auditing changes can take effect.
Select Schedule it for some other time if you want the auditing configuration changes to take place at some point in the future. Select the desired date and time from the drop-down lists. The affected database servers will be restarted at the specified date/time to put the auditing changes into effect.
Click Finish to complete the auditing configuration process.
The scheduled jobs can be viewed in the Task Viewer, and the results in the Log Viewer when opened from the appropriate server or agent. (Right click on a server or agent and choose Scheduled Tasks from the menu in order to open the Task Viewer.)

8 Audit Manager : 8.3 Configuring Audit Logging with the Audit Manager

Table of Contents Previous Next