Manage Audit Policies Manually

Table 12–2 lists a few important attributes defined in the base table IAU_BASE. The first four attributes are common to that table and all component tables. The primary key is defined as IAU_ID + IAU_TSTZORIGINATING. You can use the listAuditEvents WLST command to get a list of all attribute names for individual component tables.

Table 12–2 Attributes of Base Table IAU_BASE

Attribute              Description
IAU_ID                 A unique sequential number for every audit record
IAU_TstzOriginating    Date and time when the audit event was generated (data type TIMESTAMP)
IAU_EventType          The type name of the audit event
IAU_EventCategory      The category of the audit event
IAU_EventStatus        The outcome of the audit event - success or failure
IAU_MessageText        Description of the audit event
IAU_Initiator          UID of the user who was doing the operation

Note: A SEQUENCE, an Oracle database object, is created to coordinate the assignment of sequential numbers (IAU_ID) for audit records.

See Also:
■ Section C.4, WLST Commands for Auditing
■ Section C.3, The Audit Schema

12.5.3 Indexing Scheme

For efficient queries, an index is created by default on the Timestamp IAU_TSTZORIGINATING in the base table and on each of the component-specific tables. The default index in IAU_BASE is named EVENT_TIME_INDEX, and in the component tables it is named tableName_INDEX, such as OVDCOMPONENT_INDEX, OIDCOMPONENT_INDEX, JPS_INDEX, and so on.

See Also: Section C.3, The Audit Schema

12.5.4 Backup and Recovery

Compliance regulations require that audit data be stored for long periods. A backup and recovery plan is needed to protect the data. A good backup plan takes account of these basic guidelines:

■ Growth rate of Audit Events
The number of audit events generated depends on your audit policy. The number of audit events generated daily determines, in turn, how often you want to perform backups to minimize the loss of your audit data.

■ Compliance regulations
Consult your organization's compliance regulations to determine the frequency of backups and the number of years for which audit data storage is mandatory.

■ Online or Offline Data Management
Consult your organization's compliance regulations to determine the frequency of backups and the portion of audit data that needs to be easily accessible.

Oracle Database uses Oracle Recovery Manager (RMAN) for backup and recovery. For details, see:
http://www.oracle.com/technology/deploy/availability/htdocs/BR_Overview.htm
http://www.oracle.com/technology/deploy/availability/htdocs/rman_overview.htm

12.5.5 Importing and Exporting Data

You can import and export the audit schema to migrate data if you started with multiple audit databases and wish to combine them into a single audit store, or if you wish to change the database to scale up. Oracle Database sites can use the Oracle Data Pump utilities to import and export data. For details, refer to:
http://www.oracle.com/technology/products/database/utilities/htdocs/data_pump_overview.html

12.5.6 Partitioning

Because not all database systems support partitioning, all the tables in the audit schema are unpartitioned by default. Since audit data is cumulative and older data is never removed, if you store a high volume of audit data you should consider partitioning the audit schema, as it allows for easier archiving. Benefits of partitioning include:

■ Improved Performance: If a table is range-partitioned by Timestamps, for example, queries by Timestamps can be processed on the partitions within that time-frame only.

■ Better Manageability: Partitions can be created on separate tablespaces, and thus on different disks. This enables you to move older data to slower and larger disks, while keeping newer data on faster and smaller disks. In addition, partitioning makes archival much easier. For example, you can compress a single partition rather than having to compress the entire table.

■ Increased Availability: If a single partition is unavailable, for example, and you know that your query can eliminate this partition from consideration, the query can be successfully processed without needing to wait for the unavailable partition.

Note: The translation table, IAU_DISP_NAMES_TL, needs to be backed up only once, since it should not change over time.

12.5.6.1 Partition Tables

In this example, IAU_BASE is used to demonstrate how to convert the unpartitioned tables in the audit schema into partitioned tables. It is recommended that partitioning is done before using this schema for an audit store, to minimize application down time.

Note: It is recommended that you deactivate the audit loader prior to partitioning. See Section 12.2.4.1, Deconfigure the Audit Store, for details.

The partitioning steps are as follows:

1. Rename the existing unpartitioned table. For example:
RENAME IAU_BASE TO IAU_BASE_NONPART;

2. Create a new partitioned table that follows the table structure of the unpartitioned table. This example uses the range-partitioning by Timestamp scheme:
CREATE TABLE IAU_BASE
  PARTITION BY RANGE (IAU_TSTZORIGINATING)
  (PARTITION IAU_BASE_DEFAULT VALUES LESS THAN (MAXVALUE))
  AS SELECT * FROM IAU_BASE_NONPART;

3. Enable row movement to allow data to automatically move from partition to partition when new partitions are created. For example:
ALTER TABLE IAU_BASE ENABLE ROW MOVEMENT;

4. Create a local prefixed index for the partitioned table. For example:
ALTER INDEX EVENT_TIME_INDEX RENAME TO EVENT_TIME_INDEX_NONPART;
CREATE INDEX EVENT_TIME_INDEX ON IAU_BASE (IAU_TSTZORIGINATING) LOCAL;

Note: Two sample SQL scripts are shipped with the product:
■ RCU_HOME/rcu/integration/iau/scripts/convertPartitionedTables.sql (linux) or RCU_HOME\rcu\integration\iau\scripts\convertPartitionedTables.sql (Windows) converts the base and component tables in the audit schema into partitioned tables
■ RCU_HOME/rcu/integration/iau/scripts/createPartitionsByQuarter.sql (linux) or RCU_HOME\rcu\integration\iau\scripts\createPartitionsByQuarter.sql (Windows) creates partitions by quarter for the base and component tables in the audit schema

5. Partitions can now be created. In this example partitions are created by calendar quarter:
ALTER TABLE IAU_BASE SPLIT PARTITION IAU_BASE_DEFAULT
  AT (TO_DATE('01/04/2008', 'DD/MM/YYYY'))
  INTO (PARTITION IAU_BASE_Q1_2008, PARTITION IAU_BASE_DEFAULT)
  UPDATE INDEXES;
ALTER TABLE IAU_BASE SPLIT PARTITION IAU_BASE_DEFAULT
  AT (TO_DATE('01/07/2008', 'DD/MM/YYYY'))
  INTO (PARTITION IAU_BASE_Q2_2008, PARTITION IAU_BASE_DEFAULT)
  UPDATE INDEXES;
ALTER TABLE IAU_BASE SPLIT PARTITION IAU_BASE_DEFAULT
  AT (TO_DATE('01/10/2008', 'DD/MM/YYYY'))
  INTO (PARTITION IAU_BASE_Q3_2008, PARTITION IAU_BASE_DEFAULT)
  UPDATE INDEXES;
ALTER TABLE IAU_BASE SPLIT PARTITION IAU_BASE_DEFAULT
  AT (TO_DATE('01/01/2009', 'DD/MM/YYYY'))
  INTO (PARTITION IAU_BASE_Q4_2008, PARTITION IAU_BASE_DEFAULT)
  UPDATE INDEXES;

12.5.6.2 Backup and Recovery of Partitioned Tables

Backup and recovery were discussed in Section 12.5.4, Backup and Recovery. Note that read-only tablespaces can be excluded from a whole database backup, so long as a backup copy was created. Thus, you can avoid unnecessarily repeating backups for the partitions of archived data residing on those tablespaces, improving performance.

12.5.6.3 Import, Export, and Data Purge

Import and export were discussed in Section 12.5.5, Importing and Exporting Data. Keep in mind that with a range-partitioned table it is much more efficient to drop a partition when you want to remove old data, rather than deleting the rows individually:
ALTER TABLE IAU_BASE DROP PARTITION IAU_BASE_Q4_2008;

It is also easy to load a partition of new data without having to modify the entire table. However, you have to remove the default partition (VALUES LESS THAN (MAXVALUE)) first, and add it back once finished, using a command like the following:
ALTER TABLE IAU_BASE ADD PARTITION IAU_BASE_Q4_2008 VALUES LESS THAN ('01-JAN-2009');

Once partitions are created, you can purge or back up a particular partition. Refer to your database documentation for details. In the database mode, the audit loader automatically manages bus-stop files.
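The following Python is an added example, not code from the guide and not the shipped createPartitionsByQuarter.sql script: it generates the quarterly SPLIT PARTITION statements of step 5 in Section 12.5.6.1 for any starting quarter, and the DROP PARTITION statements from this section for quarters that have aged past a retention period, while never touching the default MAXVALUE partition. The function names and the retention rule (drop a quarter once its newest possible row is older than keep_years) are assumptions.

```python
import re
from datetime import date

# Real audit-schema names from the guide; the Qn_YYYY suffix follows step 5 above.
TABLE = "IAU_BASE"
DEFAULT_PART = f"{TABLE}_DEFAULT"
_QUARTER_RE = re.compile(rf"^{TABLE}_Q([1-4])_(\d{{4}})$")


def quarter_upper_bound(year: int, quarter: int) -> date:
    """Exclusive upper bound of a calendar quarter: Q1 2008 holds rows with
    IAU_TSTZORIGINATING < 1 April 2008, matching the guide's first SPLIT."""
    return date(year + 1, 1, 1) if quarter == 4 else date(year, 3 * quarter + 1, 1)


def split_statements(first_year: int, first_quarter: int, count: int) -> list:
    """SPLIT PARTITION statements for `count` consecutive quarters, each carving
    one quarter off the MAXVALUE default partition, in chronological order."""
    stmts, year, quarter = [], first_year, first_quarter
    for _ in range(count):
        bound = quarter_upper_bound(year, quarter)
        stmts.append(
            f"ALTER TABLE {TABLE} SPLIT PARTITION {DEFAULT_PART} "
            f"AT (TO_DATE('{bound:%d/%m/%Y}', 'DD/MM/YYYY')) "
            f"INTO (PARTITION {TABLE}_Q{quarter}_{year}, PARTITION {DEFAULT_PART}) "
            f"UPDATE INDEXES;"
        )
        year, quarter = (year + 1, 1) if quarter == 4 else (year, quarter + 1)
    return stmts


def retention_drops(partitions: list, today_iso: str, keep_years: int) -> list:
    """DROP PARTITION statements for quarter partitions whose newest possible row
    is older than keep_years (assumed retention rule). The default partition and
    names outside the scheme are skipped, so current data is never dropped."""
    today = date.fromisoformat(today_iso)
    try:
        cutoff = today.replace(year=today.year - keep_years)
    except ValueError:  # 29 February in a non-leap year
        cutoff = today.replace(year=today.year - keep_years, day=28)
    drops = []
    for name in partitions:
        m = _QUARTER_RE.match(name)
        if m and quarter_upper_bound(int(m.group(2)), int(m.group(1))) <= cutoff:
            drops.append(f"ALTER TABLE {TABLE} DROP PARTITION {name};")
    return drops


if __name__ == "__main__":
    print("\n".join(split_statements(2008, 1, 4)))
    print("\n".join(retention_drops(["IAU_BASE_Q4_2008", "IAU_BASE_DEFAULT"], "2016-03-15", 7)))
```

Run the generated statements with the audit loader deactivated, as the note in Section 12.5.6.1 advises, and review the DROP list before executing it.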

12.5.6.4 Tiered Archival

Partitioning enables individual partitions or groups of partitions to be stored on different storage tiers. You can create tablespaces in high-performance or low-cost disks, and create partitions in different tablespaces based on the value of the data or

Note: New partitions should be created periodically for new quarters.