
The Geek Diary

Manage ASM Audit Files with syslog – configure logrotate and auditing

by admin

The audit file destination directories for an ASM instance can grow to contain a very large number of files if they are not regularly maintained. A very large number of files can cause the file system to run out of free disk space or inodes, or can cause Oracle to run very slowly due to file system directory scaling limits, which can make the ASM instance appear to hang on startup.

This post explains how to use the Linux syslog facility to manage ASM auditing records, so that they are recorded by the operating system syslog facility instead of as individual files in the audit_dump_dest directory.

These steps must be performed for the ASM instance on every database server. This document explains how to manage the auditing records for ASM instances only.

Configuration

Step 1 – Set ASM initialization parameters AUDIT_SYSLOG_LEVEL and AUDIT_SYS_OPERATIONS

In the ASM initialization file, set parameters AUDIT_SYSLOG_LEVEL and AUDIT_SYS_OPERATIONS to the following values:

AUDIT_SYSLOG_LEVEL='local0.info'
AUDIT_SYS_OPERATIONS=TRUE

Step 2 – Configure /etc/syslog.conf for ASM auditing

Configure syslog configuration file /etc/syslog.conf or /etc/rsyslog.conf for ASM auditing by making the following two changes:

1. Add the following line in /etc/syslog.conf or /etc/rsyslog.conf

local0.info   /var/log/asmaudit.log

2. To the line that configures logging for /var/log/messages in /etc/syslog.conf, add local0.none. For example:

*.info;mail.none;authpriv.none;cron.none;local0.none   /var/log/messages

Step 3 – Configure logrotate to manage syslog log files

The Linux logrotate utility is used to manage the size and number of syslog log files for ASM auditing. Create the file /etc/logrotate.d/asmaudit with the following content:

# vi /etc/logrotate.d/asmaudit
/var/log/asmaudit.log {
  weekly
  rotate 4
  compress
  copytruncate
  delaycompress
  notifempty
}

Step 4 – Restart ASM instances and syslog service

ASM instances and the syslog service must be restarted for the changes to take effect. An ASM instance is restarted by stopping and starting Grid Infrastructure with the “crsctl stop” and “crsctl start” commands. This action requires the database instances to be shut down.

# GRID_HOME/grid/bin/crsctl stop cluster
# GRID_HOME/grid/bin/crsctl start cluster

To restart the syslog service, run the “service syslog restart” command:

# service syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

Step 5 – Verify ASM audit records are created in /var/log/asmaudit.log

Verify that a privileged connection to ASM (e.g. a SYSDBA or SYSASM connection) results in an entry in /var/log/asmaudit.log similar to the following:

Oracle Audit[8738]: LENGTH : '142' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[5] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[0]
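
Once the records arrive in /var/log/asmaudit.log they can be parsed and reviewed for privileged sessions. The following is an added example, not code from the original article or from Oracle; it assumes the bracketed number is the length of the quoted value and that a non-zero STATUS is an ORA- error code. The host name, PIDs, LENGTH values and every sample record except the first are constructed.

```python
import re

# Field header: NAME, optional ":[n]" declared length, then the opening quote.
FIELD = re.compile(r"\s*([A-Z][A-Z ]*?)\s*:\s*(?:\[(\d+)\]\s*)?'")
PRIVILEGED = {"SYSDBA", "SYSASM", "SYSOPER"}

def parse_audit_record(line):
    """Parse one 'Oracle Audit[pid]:' syslog line into a dict, or return None."""
    head = re.search(r"Oracle Audit\[(\d+)\]:\s*", line)
    if not head:
        return None
    rec, pos = {"PID": int(head.group(1))}, head.end()
    while (f := FIELD.match(line, pos)):
        name, start = f.group(1), f.end()
        end = start + int(f.group(2)) if f.group(2) else -1
        # Use the declared length only if a closing quote follows it; else scan.
        if end < start or line[end:end + 1] != "'":
            end = line.find("'", start)
            if end == -1:
                break
        rec[name] = line[start:end]
        pos = end + 1
    return rec

def privileged_events(lines):
    """Return parsed records for SYSDBA/SYSASM/SYSOPER sessions, marking failures."""
    events = []
    for line in lines:
        rec = parse_audit_record(line)
        if rec and rec.get("PRIVILEGE") in PRIVILEGED:
            rec["FAILED"] = rec.get("STATUS", "0") != "0"  # non-zero = ORA- error
            events.append(rec)
    return events

# Sample /var/log/asmaudit.log content. The first record is the one shown above;
# the rest are constructed (host name, PIDs, LENGTH values, statement, status).
STMT = "alter system set asm_diskstring='/dev/sd*'"
SAMPLE = [
    "Oracle Audit[8738]: LENGTH : '142' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' "
    "PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[5] 'oracle' CLIENT TERMINAL:[0] '' "
    "STATUS:[1] '0' DBID:[0]",
    f"Mar  3 10:15:02 dbhost1 Oracle Audit[9001]: LENGTH : '180' ACTION :[{len(STMT)}] "
    f"'{STMT}' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSASM' CLIENT USER:[4] 'grid' "
    "CLIENT TERMINAL:[5] 'pts/1' STATUS:[1] '0' DBID:[0] ''",
    "Mar  3 10:16:40 dbhost1 Oracle Audit[9044]: LENGTH : '150' ACTION :[7] 'CONNECT' "
    "DATABASE USER:[3] 'sys' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' "
    "CLIENT TERMINAL:[0] '' STATUS:[4] '1017' DBID:[0] ''",
    "Mar  3 10:17:00 dbhost1 sshd[1200]: unrelated line",
]
```

Reading by declared length keeps a statement that itself contains single quotes (the second sample record) in one ACTION field, where a scan for the next quote would cut it short. To review a live log, pass the open file to privileged_events().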

Troubleshooting

If syslog audit records are recorded in /var/log/messages, then ensure /etc/syslog.conf has been properly configured to add “local0.none” to the /var/log/messages entry.

Filed Under: ASM, Linux, oracle

© 2023 · The Geek Diary
