Common Audit Framework - Fusion Middleware Auditing Does not do Catch up If Insert Into DB Fails For Some Rows
Last updated on MARCH 10, 2017
Applies to:Oracle Platform Security for Java - Version 126.96.36.199.0 to 188.8.131.52.0 [Release Oracle11g]
Information in this document applies to any platform.
Where FMW audit to Oracle database is configured, if the database is temporarily producing errors / failing to commit inserted audit rows then even when the DB issues are resolved, the rows from the bus-stop log that failed are not retried by FMW audit framework. New entries in the bus-stop file are saved to the database but the previously failed ones are never stored in the db, causing permanent loss of audit data.
FMW Audit is configured as per:
Oracle Fusion Middleware Application Security Guide 11g Release 1 (11.1.1)
13 Configuring and Managing Auditing
To identify if this issue has occurred, check if the auditloader.state file for the [managed] server where auditing is configured is being updated regularly. If this file is not being updated then the Audit Loader has stopped loading events logged in the audit.log to the database.
The Audit Log events mechanism use two files:
1. The bus-stop file which records the events as explained in Oracle Fusion Middleware Application Security Guide at chapter "11 Introduction to Oracle Fusion Middleware Audit Framework".
It is created as %DOMAIN_HOME%/servers/%INSTANCE_NAME%/logs/auditlogs/%COMP_TYPE%/audit*.log
2. The auditloader.state file : this file records the current status of reading the bus-stop file.
This file is created at %DOMAIN_HOME%/servers/%INSTANCE_NAME%/logs/iau/auditloader.state
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms