Optionally, under “Users to Always Audit”, a comma-separated list of users can

Configuring and Managing Auditing 12-21

Example jps-config.xml file

Here is a sample file illustrating an audit policy:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
               schema-major-version="11" schema-minor-version="1">
      <serviceProviders>
        <serviceProvider name="audit.provider" type="AUDIT"
                         class="oracle.security.jps.internal.audit.AuditProvider">
        </serviceProvider>
      </serviceProviders>
      <serviceInstances>
        <serviceInstance name="audit" provider="audit.provider">
          <property name="audit.filterPreset" value="Low"/>
          <property name="audit.specialUsers" value="admin, fmwadmin"/>
          <property name="audit.customEvents" value="JPS:CheckAuthorization, CreateCredential; OIF:UserLogin"/>
          <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
          <property name="audit.loader.interval" value="15"/>
          <property name="audit.maxDirSize" value="102400"/>
          <property name="audit.maxFileSize" value="10240"/>
          <property name="audit.loader.repositoryType" value="Db"/>
        </serviceInstance>
      </serviceInstances>
      <jpsContexts default="default">
        <jpsContext name="default">
          <serviceInstanceRef ref="audit"/>
        </jpsContext>
      </jpsContexts>
    </jpsConfig>

12.3.4.3 Switching from Database to File for Java Components

In rare instances, you may wish to revert from using a database data store to using a file for audit records. This requires manual configuration of the property audit.loader.repositoryType described in Table 12–1. To switch from database to file, set audit.loader.repositoryType to File.

Table 12–1 (Cont.) Audit Properties in jps-config.xml

| Property | Description | Example |
|---|---|---|
| audit.loader.jndi | For DB, the JNDI data source where audit events will be uploaded. | jdbc/AuditDB |
| audit.loader.interval | Controls the frequency of the audit loader's upload to the database. Integer is in seconds. | 15 |
| audit.maxDirSize | Controls the size of the directory where the audit files will be written. Integer is in bytes. | 102400000 |
| audit.maxFileSize | Controls the size of a bus stop file where audit events are written. Integer is in bytes. | 10240000 |

12-22 Oracle Fusion Middleware Application Security Guide

When you switch from database to file, events that were collected in the database are not transferred back to the file system. If this switch is temporary, the audit events collected in the file are automatically pushed to the database when you switch to the database store again.
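As an added example (not taken from the Oracle guide), the following Python script reads the audit service instance from a jps-config.xml document and lists settings a reviewer would want to follow up on, including a repository type of File. The function names, the findings and the embedded sample are constructed for illustration, and treating a missing audit.filterPreset as None is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"}
PRESETS = {"None", "Low", "Medium", "All", "Custom"}

# Constructed sample, trimmed from the jps-config.xml layout shown on this page.
SAMPLE = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceInstances>
    <serviceInstance name="audit" provider="audit.provider">
      <property name="audit.filterPreset" value="Low"/>
      <property name="audit.specialUsers" value="admin, fmwadmin"/>
      <property name="audit.customEvents" value="JPS:CheckAuthorization, CreateCredential; OIF:UserLogin"/>
      <property name="audit.loader.repositoryType" value="File"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""


def audit_properties(xml_text, instance="audit"):
    """Return the properties of the named serviceInstance as a dict."""
    root = ET.fromstring(xml_text)
    for inst in root.iterfind(".//j:serviceInstance", NS):
        if inst.get("name") == instance:
            return {p.get("name", "").strip(): p.get("value", "").strip()
                    for p in inst.iterfind("j:property", NS)}
    raise LookupError(f"no serviceInstance named {instance!r}")


def review(props):
    """Return a list of findings for a reviewer (hypothetical checks)."""
    findings = []
    # Assumption: a missing preset is treated as None.
    preset = props.get("audit.filterPreset", "None")
    users = [u.strip() for u in props.get("audit.specialUsers", "").split(",") if u.strip()]
    if preset not in PRESETS:
        findings.append(f"unknown filter preset {preset!r}")
    if preset == "None" and not users:
        findings.append("preset None and no special users: no events are audited")
    if props.get("audit.customEvents") and preset != "Custom":
        findings.append("customEvents is set but the preset is not Custom")
    if props.get("audit.loader.repositoryType") == "File":
        findings.append("repository type File: records are written to files, not uploaded to the database")
    return findings


if __name__ == "__main__":
    for finding in review(audit_properties(SAMPLE)):
        print("-", finding)
```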

12.3.4.4 Manually Configuring Audit for System Components

System components do not use the jps-config.xml file to store the audit configuration. Instead:

■ Oracle HTTP Server uses the auditconfig.xml file which is located in:
    ORACLE_INSTANCE/instance_name/config/OHS/ohs_name/auditconfig.xml

■ Oracle Web Cache uses the auditconfig.xml file which is located in:
    ORACLE_INSTANCE/instance_name/config/WebCache/webcache_name/auditconfig.xml

■ Oracle Reports uses the jps-config-jse.xml file which is located in:
    DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml

■ Oracle Virtual Directory uses the jps-config-jse.xml file which is located in:
    ORACLE_INSTANCE/instance_name/config/JPS/jps-config-jse.xml

■ Oracle Internet Directory’s audit configuration is stored in the database.

Format of the auditconfig.xml File

Here is the format of the auditconfig.xml file:

    <AuditConfig xmlns="http://xmlns.oracle.com/ias/audit/audit.xsd">
      <Filters>
        <!-- FilterPreset can be None, Low, Medium, All or Custom. Default value: None -->
        <FilterPreset>Low</FilterPreset>
        <!-- Comma separated list of special users for whom auditing is always turned on. Default value: no users -->
        <SpecialUsers>u1,u2</SpecialUsers>
        <!-- In case of custom, a comma separated list of events that are to be enabled for auditing. Default value: no events -->
        <CustomEvents>e1,e1</CustomEvents>
      </Filters>
      <LogsDir>
        <!-- Maximum dir size of the log directory (busstop). 0 implies unlimited size. Default value: 0 -->
        <MaxDirSize>0</MaxDirSize>
        <!-- Maximum file size of each audit.log file. Default value: 100MB -->
        <MaxFileSize>104857600</MaxFileSize>
      </LogsDir>
    </AuditConfig>