Common Audit Framework - Fusion Middleware Auditing Does not do Catch up If Insert Into DB Fails For Some Rows (Doc ID 1614465.1)

Last updated on MARCH 10, 2017

Applies to:

Oracle Platform Security for Java - Version 11.1.1.7.0 to 11.1.1.7.0 [Release Oracle11g]
Information in this document applies to any platform.

Symptoms

Where FMW audit to Oracle database is configured, if the database is temporarily producing errors / failing to commit inserted audit rows then even when the DB issues are resolved, the rows from the bus-stop log that failed are not retried by FMW audit framework. New entries in the bus-stop file are saved to the database but the previously failed ones are never stored in the db, causing permanent loss of audit data.

FMW Audit is configured as per:

Oracle Fusion Middleware Application Security Guide 11g Release 1 (11.1.1)
13 Configuring and Managing Auditing
http://docs.oracle.com/cd/E28280_01/core.1111/e10043/audpolicy.htm#JISEC2003

 

To identify if this issue has occurred, check if the auditloader.state file for the [managed] server where auditing is configured is being updated regularly. If this file is not being updated then the Audit Loader has stopped loading events logged in the audit.log to the database.

Background information:

The Audit Log events mechanism use two files:

1. The bus-stop file which records the events as explained in Oracle Fusion Middleware Application Security Guide at chapter "11 Introduction to Oracle Fusion Middleware Audit Framework".

It is created as %DOMAIN_HOME%/servers/%INSTANCE_NAME%/logs/auditlogs/%COMP_TYPE%/audit*.log

2. The auditloader.state file : this file records the current status of reading the bus-stop file.

This file is created at %DOMAIN_HOME%/servers/%INSTANCE_NAME%/logs/iau/auditloader.state

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms