The first question usually gets a response of between 10% and 30% of the audience and the second (from those who raised a hand to the first question) is again around 10%. This is bad but consistent at least when I ask these questions. This means that between 1% and 3% of people create an audit trail of the database engine (not the applications - usually that is a much bigger percentage) to detect if anyone is hacking it in real time or semi-real time; and 10% to 30% who just collect and hope that they have enough audit to assist an investigation.
So, back to the story; Oracle added unified audit back in 2013 to 12c and they deprecated standard audit in 21c and announced that its de-supported in 23c. Its not gone completely. The parameters AUDIT_TRAIL, AUDIT_SYS_OPERATIONS, AUDIT_FILE_DEST and AUDIT_SYSLOG_LEVEL are deprecated in 23c and Oracle recommends that you move to Unified Audit as soon as possible.
If you used traditional audit in an earlier release and migrated to 23c then the traditional audit settings are honoured and the settings will write audit to their audit trails BUT you cannot add new traditional audit settings.
There is a need to start to think about Unified audit and migrating traditional audit to Unified Audit and if you are not using either then start to think about using Unified Audit to capture abuse of the database by anyone. You will find it useful to have a well designed audit trail to do two things; one; react to the audit and take action immediately if an attack looks like it could be happening and two; have enough evidence should an attack get through
If you try and set new traditional audit in 23c you get this:
SQL> audit create session;
audit create session
*
ERROR at line 1:
ORA-46401: No new traditional AUDIT configuration is allowed. Traditional
auditing is de-supported, and you should use unified auditing in its place.
SQL>
#oracleace #23c #audit #oracle #unified #database #databreach
