Configuring and Managing Auditing 12-7 conditional [CDATA[{time}=00:00]] conditional action value=exec ORACLE_HOMEjdkbinjava -classpath COMMON_COMPONENTS_HOMEmodulesoracle.osdt_11.1.1osdt_cert.jar: COMMON_COMPONENTS_HOMEmodulesoracle.osdt_11.1.1osdt_core.jar: ORACLE_HOMEjdbclibojdbc5.jar: COMMON_COMPONENTS_HOMEmodulesoracle.iau_11.1.1fmw_audit.jar: COMMON_COMPONENTS_HOMEmodulesoracle.pki_11.1.1oraclepki.jar -Doracle.home=ORACLE_HOME -Doracle.instance=ORACLE_INSTANCE -Dauditloader.jdbcString=jdbc:oracle:thin:host:port:sid -Dauditloader.username=username oracle.security.audit.ajl.loader.StandaloneAuditLoader exception value=exec binecho PERIODICAL CALL For Audit Loader FAILED rmd rmd-definitions 3. Replace the existing RMD definition for audit loader; you need to modify only these values: ■ jdbcString - this is the database JDBC connection string; change this from the default string to a valid connection string. ■ username ■ interval - this is the interval in seconds at which audit records are pushed from the component’s bus-stop file to the audit store. By default the interval value is set very high 31536000 seconds so that the audit loader is effectively disabled. Change this to a reasonable interval such as 15 seconds. 4. Save and exit the file. 5. Ensure that ORACLE_HOME, ORACLE_INSTANCE , and COMMON_COMPONENTS_ HOME are defined. For example: ORACLE_HOME = u01oracleas11_oh ORACLE_INSTANCE = u01oracleinstancesinstance COMMON_COMPONENTS_HOME = MW_HOMEoracle_common 6. Populate the audit store password in the secret store. This is the password that you have specified when creating the audit schema in RCU: ORACLE_HOMEjdkbinjava -classpath COMMON_COMPONENTS_HOMEmodulesoracle.osdt_11.1.1osdt_cert.jar: COMMON_COMPONENTS_HOMEmodulesoracle.osdt_11.1.1osdt_core.jar: ORACLE_HOMEjdbclibojdbc5.jar: COMMON_COMPONENTS_HOMEmodulesoracle.iau_11.1.1fmw_audit.jar: COMMON_COMPONENTS_HOMEmodulesoracle.pki_11.1.1oraclepki.jar -Doracle.home=ORACLE_HOME -Doracle.instance=ORACLE_INSTANCE -Dauditloader.jdbcString=jdbc:oracle:thin:host:port:sid -Dauditloader.username=username -Dstore.password=true -Dauditloader.password=password oracle.security.audit.ajl.loader.StandaloneAuditLoader Note: Insert these lines after the ias-instance tag is closed. 12-8 Oracle Fusion Middleware Application Security Guide Enter the appropriate values for jdbcString, username, password. 7. Reload OPMN: ORACLE_INSTANCEbinopmnctl validate Validation step to verify edits ORACLE_INSTANCEbinopmnctl reload 8. Execute a scenario in an audited component to generate an audit event. 9. Check for errorsevents uploaded at ORACLE_ INSTANCEdiagnosticslogsOPMNopmnrmd.out. The output will look like this 80826 10:54:24 global:AuditLoader

12.2.4.1 Deconfigure the Audit Store

Since a database is the recommended store for audit records, switching from database to file mode is discouraged. However, if needed, you can use the same steps that were shown in the preceding task for configuring the audit store through the opmn.xml file to update the RMD definition to deconfigure the audit store. Locate the rmd-definitions element and replace the existing RMD definition for audit loader: ■ jdbcString - Change the database JDBC connection string back to the default string jdbc:oracle:thin:host:port:sid. ■ interval - Set this interval back to the default value of 31536000. Save and exit the file, and reload OPMN.

12.2.5 Tuning the Bus-stop Files

This section contains topics related to maintaining file-based storage of audit records, including: ■ bus-stop file locations ■ file size ■ directory size Location of Bus-stop Files Bus-stop files for Java components are located in: DOMAIN_HOMEserversSERVER_NAMElogsauditlogsComponent_Type Note: The above syntax is relevant to Linux. For Windows, substitute : with ; to separate the jars in the classpath. Note: If your system component runs in a clustered deployment, you must deconfigure the audit store at each instance of the component. Note: Manually purging audit files to free up space is not recommended. Instead, use file and directory sizing features to control space, as described below.