ASM instance audits all privileged (log in as sysasm, sysdba or sysoper) access by creating audit file for each connection under the audit file destination directories (defined by initialization parameter audit_file_dest). The directory can grow to contain a very large number of files if they are not regularly maintained, especially when initialization parameter audit_sys_operations is true which is default from 12c.
Having a very large number of files can cause the file system to run out of free disk space or inodes, or can cause Oracle to run very slowly due to file system directory scaling limits, which can have the appearance that the ASM instance is hanging on startup. It is event hard to clean the files because of the large file list.
This post shows how to use the AIX syslog facility to manage ASM auditing records so that ASM auditing records are recorded by the operating system syslog facility instead of individual files in the audit_dump_dest directory. It dramatically reduces the number of files.
If you are looking for the information for Solaris or Linux, please check out following posts
Configure ASM audit with syslog on Solaris.
Reduce number of privileged access audit files for ASM with rsyslog on Linux.
Reduce number of privileged access audit files for ASM with rsyslog on Linux.
1. Add following line to syslog configuration file /etc/syslog.conf
<facility>.<priority> <destination> rotate size <size>m files <files>
Where:
<facility>.<priority>: source of message, should be same as the value of ASM initialization parameter audit_syslog_level
<destination>: name of the file which syslogd logs audit info to
rotate size <size>m files <files>: totally <files> files are kept in rotation, and the maximum size of each file is <size> megabytes
Example configuration,
local1.info /u01/app/grid/admin/+ASM/adump/asm_audit.syslog rotate size 16m files 200
The audit message will be logged into file /u01/app/grid/admin/+ASM/adump/asm_audit.syslog. When the file size reaches 16m, the rotated filenames are created by appending a period and a number to the file, the number starts with ".0". Total number of files is 200.
Note: make sure the file asm_audit.syslog exists before restarting syslog service by touching the file
[root@host01]# touch /u01/app/grid/admin/+ASM/adump/asm_audit.syslog
2. Restart syslog daemon
[root@host01]# refresh -s syslogd
0513-095 The request for subsystem refresh was completed successfully.
3. Configure ASM initializatin parameter audit_syslog_level as sysasm
[grid@host01]$ . oraenv
ORACLE_SID = [grid] ? +ASM
The Oracle base remains unchanged with value /u01/app/grid
[grid@host01]$ sqlplus / as sysasm
SQL*Plus: Release 12.2.0.1.0 Production on Wed Jun 10 10:01:14 2019
Copyright (c) 1982, 2017, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
SQL> alter system set audit_syslog_level='local1.info' scope=spfile;
Note: the value local1.info must be same as the message source specified in file /etc/syslog.conf.
4. Restart ASM instance
After ASM instance is restarted, you will see the size of asm_audit.syslog increasing. After several hours (depending on how busy the server is), you will see the file rotation like following,
[grid@host01]$ ls -l /u01/app/grid/admin/+ASM/adump/
-rw-r--r-- 1 root system 7772821 Jun 10 20:12 asm_audit.syslog
-rw-r--r-- 1 root system 16000531 Jun 10 18:34 asm_audit.syslog.0
1 comment:
You have done such a great job by publishing such informative article. Keep sharing such type of informative content in future. Accessibility Consultant Quebec.
Post a Comment