Manage ASM Audit Files with syslog – configure logrotate and auditing

By admin

The audit file destination directories for an ASM instance can grow to contain a very large number of files if they are not regularly maintained. Having a very large number of files can cause the file system to run out of free disk space or inodes, or can cause Oracle to run very slowly due to file system directory scaling limits, which can have the appearance that the ASM instance is hanging on startup.

This post explains how to use the Linux syslog facility to manage ASM auditing records so that ASM auditing records are recorded by the operating system syslog facility instead of individual files in the audit_dump_dest directory.

These steps must be performed for the ASM instance on every database server. This document explains how to manage the auditing records for ASM instances only.

Configuration

Step 1 – Set ASM initialization parameters AUDIT_SYSLOG_LEVEL and AUDIT_SYS_OPERATIONS

In the ASM initialization file, set parameters AUDIT_SYSLOG_LEVEL and AUDIT_SYS_OPERATIONS to the following values:

AUDIT_SYSLOG_LEVEL='local0.info'
AUDIT_SYS_OPERATIONS=TRUE

Step 2 – Configure /etc/syslog.conf for ASM auditing

Configure syslog configuration file /etc/syslog.conf or /etc/rsyslog.conf for ASM auditing by making the following two changes:

1. Add the following line in /etc/syslog.conf or /etc/rsyslog.conf

local0.info   /var/log/asmaudit.log

2. To keep ASM audit records out of /var/log/messages, add local0.none to the line that configures logging for /var/log/messages in /etc/syslog.conf or /etc/rsyslog.conf. For example:

*.info;mail.none;authpriv.none;cron.none;local0.none   /var/log/messages

Step 3 – Configure logrotate to manage syslog log files

The Linux logrotate utility is used to manage the size and number of syslog log files for ASM auditing. Create the file /etc/logrotate.d/asmaudit with the following content:

# vi /etc/logrotate.d/asmaudit
/var/log/asmaudit.log {
  weekly
  rotate 4
  compress
  copytruncate
  delaycompress
  notifempty
}

Step 4 – Restart ASM instances and syslog service

ASM instances and the syslog service must be restarted for the changes to take effect. An ASM instance is restarted by stopping and starting Grid Infrastructure with the “crsctl stop” and “crsctl start” commands. This action requires the database instances to be shut down.

# GRID_HOME/grid/bin/crsctl stop cluster
# GRID_HOME/grid/bin/crsctl start cluster

To restart the syslog service, run the “service syslog restart” command:

# service syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

Step 5 – Verify ASM audit records are created in /var/log/asmaudit.log

Verify that a privileged connection to ASM (e.g. a SYSDBA or SYSASM connection) results in an entry in /var/log/asmaudit.log similar to the following:

Oracle Audit[8738]: LENGTH : '142' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[5] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[0]
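To go from eyeballing one record to reviewing the whole file, the following added example (not part of the original post) parses the record format shown above and lists privileged CONNECT records. It uses the bracketed length in front of each value, so a quote inside a value does not cut it short, and falls back to the next quote when the declared length does not fit, as with `[5] 'oracle'` in the record above. The function names, the syslog prefix, the second and third sample records, and the reading of STATUS '0' as success are assumptions.

```python
import re

PREFIX = re.compile(r"Oracle Audit\[(\d+)\]:")
# One field header: NAME, ':', then an optional '[n]' declared value length.
HEADER = re.compile(r"\s*([A-Z][A-Z ]*?)\s*:\s*(?:\[(\d+)\])?\s*")

def parse_audit_record(line):
    """Parse one 'Oracle Audit[pid]:' syslog line into a dict (None if not one)."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields, pos = {"PID": m.group(1), "_mismatch": []}, m.end()
    while pos < len(line):
        h = HEADER.match(line, pos)
        if not h:
            break
        name, declared = h.group(1), h.group(2)
        pos, value = h.end(), ""
        if line.startswith("'", pos):
            # Prefer the declared length: a quote inside a value cannot end it early.
            end = pos + 1 + int(declared) if declared else -1
            if end < 0 or line[end:end + 1] != "'":
                end = line.find("'", pos + 1)  # fall back to the next quote
                if declared:
                    fields["_mismatch"].append(name)
            if end < 0:
                raise ValueError(f"unterminated value for field {name!r}")
            value, pos = line[pos + 1:end], end + 1
        fields[name] = value
    return fields

def privileged_connects(lines):
    """Return (client_user, privilege, succeeded) per SYSDBA/SYSASM CONNECT record."""
    hits = []
    for rec in filter(None, map(parse_audit_record, lines)):
        if rec.get("ACTION") == "CONNECT" and rec.get("PRIVILEGE") in ("SYSDBA", "SYSASM"):
            hits.append((rec.get("CLIENT USER"), rec["PRIVILEGE"], rec.get("STATUS") == "0"))
    return hits

# Constructed sample: record 1 is the one above behind a made-up prefix; 2 and 3 are invented.
HOST = "Mar  3 10:15:01 dbhost1 "
SAMPLE = [
    HOST + "Oracle Audit[8738]: LENGTH : '142' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' "
    "PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[5] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[0]",
    HOST + "Oracle Audit[9120]: LENGTH : '146' ACTION :[7] 'CONNECT' DATABASE USER:[3] 'sys' "
    "PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' CLIENT TERMINAL:[5] 'pts/1' STATUS:[4] '1017' DBID:[0] ''",
    HOST + "Oracle Audit[8738]: LENGTH : '160' ACTION :[20] 'select 'x' from dual' DATABASE USER:[1] '/' "
    "PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[0] ''",
]
```

Calling `privileged_connects(open("/var/log/asmaudit.log"))` applies the same filter to the live file; a non-empty `_mismatch` list on a parsed record marks fields whose declared length did not match the quoted value.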

Troubleshooting

If ASM audit records are still recorded in /var/log/messages, ensure that /etc/syslog.conf (or /etc/rsyslog.conf) has been properly configured to add “local0.none” to the /var/log/messages entry.
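The check above can be scripted. This added example (not from the original post) evaluates legacy selector lines the way Step 2 relies on, where a later entry such as local0.none overrides an earlier *.info for that facility, and reports which of the two Step 2 changes is missing. The function names and sample configuration are constructed; selectors using the '=' or '!' modifiers and files included from other directories are not evaluated.

```python
import re

# Legacy syslog priorities, lowest first, plus the deprecated aliases.
LEVEL = {n: i for i, n in enumerate(
    ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"])}
LEVEL.update(warn=LEVEL["warning"], error=LEVEL["err"], panic=LEVEL["emerg"])
# Selector list, whitespace, optional '-' (no sync), then the action.
RULE = re.compile(r"^([\w*,]+\.[\w*]+(?:;[\w*,]+\.[\w*]+)*)\s+-?(\S.*)$")

def selects(selector, facility, priority):
    """True if a list such as '*.info;local0.none' selects facility.priority.
    A later entry for the same facility overrides an earlier one."""
    hit = False
    for entry in selector.split(";"):
        facs, _, prio = entry.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        # 'none' is not a level, so it resets hit to False for this facility.
        hit = prio == "*" or (prio in LEVEL and LEVEL[priority] >= LEVEL[prio])
    return hit

def targets(conf_text, facility="local0", priority="info"):
    """Actions (usually log file paths) that receive facility.priority messages."""
    found = []
    for raw in conf_text.splitlines():
        m = RULE.match(raw.strip())
        if m and selects(m.group(1), facility, priority):
            found.append(m.group(2).strip())
    return found

def check_asm_audit_routing(conf_text):
    """Problems with the Step 2 configuration; an empty list means it is correct."""
    got, problems = targets(conf_text), []
    if "/var/log/asmaudit.log" not in got:
        problems.append("local0.info is not written to /var/log/asmaudit.log")
    if "/var/log/messages" in got:
        problems.append("/var/log/messages still receives local0.info; add local0.none")
    return problems

# Constructed rsyslog.conf fragments: Step 2 half done, then fully done.
HALF_DONE = """\
# rules
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
mail.*                                     -/var/log/maillog
local0.info                                /var/log/asmaudit.log
"""
DONE = HALF_DONE.replace("cron.none ", "cron.none;local0.none ")
```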

Filed Under: ASM, Linux, oracle

© 2021 · The Geek Diary