12-24 Oracle Fusion Middleware Application Security Guide WebLogic Domain Home serversserver_ name diagnosticsauditlogsJPSaudit.log Fields:Date Time Initiator EventType EventStatus MessageText HomeInstance ECID RID ContextFields SessionId TargetComponentType ApplicationName EventCategory ThreadId InitiatorDN TargetDN FailureCode RemoteIP Target Resource Roles CodeSource InitiatorGUID Principals PermissionAction PermissionClass mapName key Remark Values:ComponentType=JPS 2008-12-08 10:46:05.492 - CheckAuthorization true Oracle Platform Security Authorization Check Permission SUCCEEDED. - - - - - - - Authorization 48 - - true - - oracle.security.jps.service.policystore.PolicyStoreAccessPermission context=APPLICATION,name=SimpleServlet getApplicationPolicy - file:oracleworkmiddlewareoracle_commonmodulesoracle.jps_ 11.1.1jps-internal.jar - [] - - - - Figure Figure 12–1 shows the data in the base table and how it relates to the component-specific tables. Figure 12–1 Audit Schema The average record size in the base table IAU_BASE is approximately 0.3 KB. When you plan for tablespace sizing: ■ use this number as a guideline for the average record size ■ monitor how audit database size is growing based on the audit policy selected and the level of activity ■ take into account the period of time for which the audit data is being stored.

12.5.2 Table Attributes

The attributes of the base table and the component-specific tables respectively are derived from these files: ORACLE_HOMEmodulesoracle.iau_11.1.1componentsgenericgeneric_events.xml for the base table, and ORACLE_HOMEmodulesoracle.iau_11.1.1componentscomponentNamecomponent_ events.xml for each component table. Configuring and Managing Auditing 12-25 Table 12–2 lists a few important attributes defined in the base table IAU_BASE. The first four attributes are common in that table and all component tables. The primary key is defined as IAU_ID + IAU_TSTZORIGINATING. You can use the listAuditEvents WLST command to get a list of all attribute names for individual component tables.

12.5.3 Indexing Scheme

For efficient queries, an index is created by default on the Timestamp IAU_ TSTZORIGINATING in the base table and on each of the component-specific tables. The default index in IAU_BASE is named EVENT_TIME_INDEX, and in the component tables it is named tableName_INDEX such as OVDCOMPONENT_INDEX, OIDCOMPONENT_INDEX, JPS_INDEX and so on.

12.5.4 Backup and Recovery

Compliance regulations require that audit data be stored for long periods. A backup and recovery plan is needed to protect the data. A good backup plan takes account of these basic guidelines: ■ Growth rate of Audit Events The number of audit events generated depends on your audit policy. The number of audit events generated daily determines, in turn, how often you want to perform backups to minimize the loss of your audit data. See Also: Section C.3, The Audit Schema Table 12–2 Attributes of Base Table IAU_BASE Attribute Description IAU_ID A unique sequential number for every audit record IAU_TstzOriginating Date and time when the audit event was generated data type TIMESTAMP IAU_EventType The type name of the audit event IAU_EventCategory The category of the audit event IAU_EventStatus The outcome of the audit event - success or failure IAU_MessageText Description of the audit event IAU_Initiator UID of the user who was doing the operation Note: A SEQUENCE, an Oracle database object, is created to coordinate the assignment of sequential numbers IAU_ID for audit records. See Also: ■ Section C.4, WLST Commands for Auditing . ■ Section C.3, The Audit Schema