AVDF Cannot Collect Audit Trail For SYSLOG On Linux 8
(Doc ID 2979517.1)
Last updated on JULY 20, 2024
Applies to:
Oracle Audit Vault and Database Firewall - Version 20.9.0.0.0 and later
Information in this document applies to any platform.
Symptoms
Audit Vault can't collect the audit trail for SYSLOG. The content of the audit syslog is different on Linux 8; samples are below:
On Linux 8:
Aug 2 13:19:47 node02 journal[640537]: Oracle Audit[640537]: LENGTH : '252' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[8] '45475741' SESSIONID:[10] '4294967295' USERHOST:[6] 'node02' CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'
On Linux 7:
Syslog sample:
Jul 30 03:27:13 db-bke journal: Oracle Audit[52292]: LENGTH : '314' ACTION :[72] 'select action from gv$session where sid=:1 and serial#=:2 and inst_id=:3' DATABASE USER:
Note: on Linux 7 the extra ID after "journal" (as in journal[640537] on Linux 8) is not present.
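The following is an added example, not Oracle's code and not the AVDF collector: a parser that accepts both header forms shown above and reads each audit field by its declared length. The names `HEADER`, `FIELD`, `parse_fields` and `parse_line` are hypothetical, and it assumes the `[n]` prefix counts characters of the quoted value.

```python
import re

# Sample lines copied from the two excerpts above (the Linux 7 one is cut off on the page).
LINUX8 = ("Aug 2 13:19:47 node02 journal[640537]: Oracle Audit[640537]: LENGTH : '252' "
          "ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' "
          "CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' "
          "DBID:[8] '45475741' SESSIONID:[10] '4294967295' USERHOST:[6] 'node02' "
          "CLIENT ADDRESS:[0] '' ACTION NUMBER:[3] '100'")
LINUX7 = ("Jul 30 03:27:13 db-bke journal: Oracle Audit[52292]: LENGTH : '314' ACTION :[72] "
          "'select action from gv$session where sid=:1 and serial#=:2 and inst_id=:3' "
          "DATABASE USER:")

# Header: timestamp, host, syslog tag with an optional [pid] (present on Linux 8,
# absent on Linux 7), then the "Oracle Audit[pid]:" marker and the audit payload.
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<tag>[^\s\[:]+)(?:\[(?P<tag_pid>\d+)\])?:\s+"
    r"Oracle Audit\[(?P<audit_pid>\d+)\]:\s*(?P<payload>.*)$")
# One field prefix: NAME, optional spaces, ':', optional '[len]', opening quote.
FIELD = re.compile(r"\s*(?P<name>[A-Z][A-Z ]*?)\s*:(?:\[(?P<len>\d+)\])?\s*'")

def parse_fields(payload):
    """Return {name: value}; stops at the first incomplete field."""
    fields, pos = {}, 0
    while (m := FIELD.match(payload, pos)):
        start = m.end()
        # Prefer the declared length so quotes inside SQL text do not end the value.
        end = start + int(m["len"]) if m["len"] is not None else -1
        if end < 0 or payload[end:end + 1] != "'":
            end = payload.find("'", start)  # no usable length: next quote closes it
        if end < 0:
            break  # value truncated before its closing quote
        fields[m["name"]] = payload[start:end]
        pos = end + 1
    return fields

def parse_line(line):
    """Parse one syslog line; None if it is not an Oracle Audit record."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["fields"] = parse_fields(rec.pop("payload"))
    return rec

if __name__ == "__main__":
    for sample in (LINUX8, LINUX7):
        r = parse_line(sample)
        print(r["host"], r["tag"], r["tag_pid"], r["audit_pid"], r["fields"].get("ACTION"))
```
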
Changes
SYSLOG audit file format changed in Linux 8 vs Linux 7
Cause