Traditional to Unified Audit Syntax Converter - Generate Unified Audit Policies from Current Traditional Audit Configuration (Doc ID 2909718.1)

Last updated on JANUARY 08, 2024

Applies to:

Oracle Database - Enterprise Edition - Version 19.0.0.0 to 21.7 [Release 19 to 21.0]
Information in this document applies to any platform.

Purpose

Oracle Database provides the industry’s most comprehensive auditing capability with Unified Audit. Unified audit (introduced in Oracle Database 12c) offers flexibility to perform selective and effective auditing, helping you focus on activities that really matter to your enterprise. Unified audit has a secure-by-default audit trail, supports conditional policies for audit selectivity, and includes preconfigured policies for simplicity. To improve security and compliance, Oracle strongly recommends that you use unified audit instead of the legacy traditional audit.

Traditional audit was deprecated in Oracle Database 19c and will be de-supported in an upcoming release. Mixed mode auditing (where traditional audit AND unified audit are both active at the same time) was provided starting with Oracle Database 12c to simplify adoption of unified audit: customers could keep their traditional audit configurations alongside unified audit policies while transitioning. If you are still using traditional audit configurations, you should shift to unified audit policies, both to take advantage of the great features in unified audit and to simplify your upgrade to newer versions of the Oracle Database.

In most cases, the transition from traditional audit configurations to unified audit is simple. All new Oracle databases created from 12.2 onwards have the pre-defined unified audit policies ORA_SECURECONFIG and ORA_LOGON_FAILURES enabled instead of their equivalent traditional audit configurations. These two pre-defined audit policies cover the most common audit requirements, capturing security-relevant events that most customers are concerned with.

You can enable additional pre-defined audit policies or create custom policies based on your compliance or security needs. To disable traditional audit and shift from mixed mode to pure unified audit mode, relink the oracle binary with uniaud_on and then restart the database instance. You are then ready to go.

If your database was upgraded from 11g, follow the same steps and, in addition, enable the two pre-defined unified audit policies ORA_SECURECONFIG and ORA_LOGON_FAILURES.

If you are using traditional audit at the object level, or if you have highly customized audit requirements, you have two choices to migrate to unified audit:

1. Create similar unified audit policies, leveraging the rich features of unified auditing to make your audit policies more conditional, selective and focused.

2. If you are unfamiliar with the syntax involved in creating unified audit policies, leverage the syntax converter script attached to this MOS note. The syntax converter examines your traditional audit settings and generates syntactically equivalent CREATE AUDIT POLICY statements. The converter does NOT optimize your existing audit policies to take advantage of unified auditing features like top-level auditing, conditional auditing, or extensible auditing. We strongly recommend you review the converter-generated policies to see if you can adopt some of the rich features of unified auditing instead of simply enabling the converter-generated policies, but if you need to move quickly from traditional audit to unified audit, this script makes that easy. The syntax converter script can be run on database versions 19c and above.
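
The gap between a syntactically equivalent policy and one reviewed to use unified audit features, as an added illustration that is not taken from the attached converter script or its output. The HR.EMPLOYEES table, the HR_APP account and the policy names are hypothetical; the data dictionary views and statement syntax are standard Oracle Database 19c.

```sql
-- Added illustration; HR.EMPLOYEES, HR_APP and the policy names are hypothetical.

-- 1. Check the audit mode: TRUE = pure unified auditing, FALSE = mixed mode.
SELECT value FROM v$option WHERE parameter = 'Unified Auditing';

-- 2. Inventory the traditional audit settings that need a unified equivalent.
SELECT user_name, audit_option, success, failure FROM dba_stmt_audit_opts;
SELECT user_name, privilege, success, failure FROM dba_priv_audit_opts;
SELECT owner, object_name, object_type, sel, upd, del FROM dba_obj_audit_opts;

-- 3. A traditional object-level setting of the kind being migrated.
AUDIT SELECT, UPDATE ON hr.employees BY ACCESS;

-- 4a. Syntactically equivalent unified policy: records every SELECT and UPDATE,
--     including those issued from inside PL/SQL and by the application account.
CREATE AUDIT POLICY hr_employees_equiv_pol
  ACTIONS SELECT ON hr.employees,
          UPDATE ON hr.employees;

-- 4b. Reviewed alternative to 4a: skip sessions of the application account and
--     record only statements issued directly by the user (ONLY TOPLEVEL).
CREATE AUDIT POLICY hr_employees_direct_pol
  ACTIONS SELECT ON hr.employees,
          UPDATE ON hr.employees
  WHEN 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') <> ''HR_APP'''
  EVALUATE PER SESSION
  ONLY TOPLEVEL;

-- 5. Enable the chosen custom policy (4b here) and the two pre-defined policies
--    (the latter are not enabled automatically on a database upgraded from 11g).
AUDIT POLICY hr_employees_direct_pol;
AUDIT POLICY ORA_SECURECONFIG;
AUDIT POLICY ORA_LOGON_FAILURES;

-- 6. Confirm what is enabled, then retire the traditional setting from step 3.
SELECT policy_name, enabled_option, entity_name
  FROM audit_unified_enabled_policies;
NOAUDIT SELECT, UPDATE ON hr.employees;
```

The condition in 4b narrows coverage compared with the traditional setting, so it should be adopted only where activity by the excluded account is captured by another control.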

Scope

 

Details
