The format of Audit log file

We have a Perl script to extract data from Audit log files (Oracle Database 10g Release 10.2.0.1.0), which have the format below.
Audit file /u03/oracle/admin/NIKKOU/adump/ora_5037.aud
Oracle Database 10g Release 10.2.0.1.0 - Production
ORACLE_HOME = /u01/app/oracle/product/10.2.0
System name:     Linux
Node name:     TOYDBSV01
Release:     2.6.9-34.ELsmp
Version:     #1 SMP Fri Feb 24 16:54:53 EST 2006
Machine:     i686
Instance name: NIKKOU
Redo thread mounted by this instance: 1
Oracle process number: 22
Unix process pid: 5037, image: oracleNIKKOU@TOYDBSV01
Sun Jul 27 03:06:34 2008
ACTION : 'CONNECT'
DATABASE USER: 'sys'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL:
STATUS: 0
After we updated the db from Release 10.2.0.1.0 to Release 10.2.0.4.0, the format of the Audit log file changed to something like below.
Audit file /u03/oracle/admin/NIKKOU/adump/ora_1897.aud
Oracle Database 10g Release 10.2.0.4.0 - Production
ORACLE_HOME = /u01/app/oracle/product/10.2.0
System name:     Linux
Node name:     TOYDBSV01
Release:     2.6.9-34.ELsmp
Version:     #1 SMP Fri Feb 24 16:54:53 EST 2006
Machine:     i686
Instance name: NIKKOU
Redo thread mounted by this instance: 1
Oracle process number: 21
Unix process pid: 1897, image: oracle@TOYDBSV01
Tue Oct 14 10:30:29 2008
LENGTH : '135'
ACTION :[7] 'CONNECT'
DATABASE USER:[3] 'SYS'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[0] ''
CLIENT TERMINAL:[7] 'unknown'
STATUS:[1] '0'
Because we have to rewrite the Perl script, could anyone tell us where we can find the manual that describes the format of the Audit log file?

Oracle publishes views of the audit trail data. You can find a list of the views for the 11.1 database here:
http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIICFE
The audit trail does not really change between patchsets as that would constitute underlying structure changes and right now, the developers are not allowed to change the underlying structure of tables in patchsets. But, we can change what may be displayed in a column from patchset to patchset. For example, we are getting ready to update the comment$text field to display more information like dblinks and program names.
I personally don't like overloading the comment$text field like that, but sometimes when you need the information, that is the only choice except to wait for the next major release :)
As for the output of the audit log files, those can change between patchsets because of bugs that were found and some changes to support Audit Vault. My apologies to anyone out there who is reading the audit files written to the OS directly; I would recommend using the views.
Hope that helps. Tammy

Similar Messages

  • Any software/program that can read audit log files

    Hi,
    Currently I am searching for a program/tool that can read audit log files and format them into a readable format. Does anyone know if there is any on the market, or any open source program?
    Thank You.

    Not sure what you mean by "audit log".
    Anyway. Pete Finnigan's tools page has only one thing that might be what you're looking for - LMON, which runs on BSD, Solaris, Linux. As he's the go-to guy for Oracle security, the chances of there being a good free log analyzer tool that he hasn't heard of are slight.
    Cheers, APC

  • Oblix v7 audit log file missing

    Hi,
    I'm using oblix v7.
    I have enabled audit logs and specified the file name as: C:\audit33.txt
    But on the machine there is no such file. It is somehow missing.
    The same configuration works on another machine.
    Any idea why the audit log file is missing?
    Thanks.
    Sash.

  • Bad date recorded by AccessServer in Audit Log File

    Hi all,
    I have installed OAM and configured Audit Log File for AccessServer:
    Access System Configuration >> Access Server Configuration >> and put ON "Audit to File"
    The log is recorded OK, but when I compare the date written in the log file with the OS date, there are 6 hours of difference.
    LOG FILE
    01\/28\/2009 *00:18:07* \-0500 - AUTHZ_SUCCESS - GET - AccessServer - 192.168.3.105 - sec.biosnettcs.com\/access\/oblix\/lang\/en\-us\/msgctlg.js - cn=orcladmin\,cn=Users\,dc=biosnettcs\,dc=com - 00:18:07 - http - AccessGate - - 2
    OS date
    # date
    mar ene 27 *18:18:15 CST* 2009
    # date -u
    mié ene 28 *00:18:23 UTC* 2009
    As we can see in these lines, the audit log is recording the date in UTC, but I need this in the timezone set in the OS.
    How can I do this (print the date in the audit log file with the same timezone set by the OS)?
    Thanks in advance,
    Julio

    I'll answer myself.
    There is no way to set the Date/Time format to anything other than UTC for the OAM component logs.
    See note 742777.1 for in-depth information.
    Julio.

  • BOE XI 3.1 Removing Audit log files

    Hi there experts,
    we have an issue with our production BOE install (3.1 SP7) whereby we have over 39,000 audit log files awaiting processing in the BOE_HOME/auditing folder. These audit files were generated a few months back when we had an issue with the system whereby thousands of scheduled events were created, we are not sure how. The removal of these events has had a knock-on effect in that we have too many audit files to process, i.e. the system just can't process them all quickly enough.
    So my question is: can we just remove these audit files from the auditing directory with no knock-on effects, as we don't need them loaded into the audit database anyway, since they are all multiples of the same event?
    As an aside, when we upgraded from SP3 to SP7 the problem went away, i.e. no new audit files for these delete events are being generated. We are still to establish how/why these audit events were created, but for the time being we just want to be able to remove them. Unfortunately, as it's a production system, we don't want to just take a chance and remove them without some advice first.
    thanks in advance
    Scott

    Is your auditing running now? Or still pending? Can you check in Audit DB what the max(audit_timestamp) is? This will tell you when the most recent activity happened.
    Deleting the audit files will not harm your BO system. You will not be able to see auditing details for that period.
    Are the new auditing files processed? Or do you still see the files created in the auditing folder without processing?
    If the auditing file size shows 0 okb, then it means they were processed.

  • Maximum number of events per audit log file must be greater than 0.

    BOE-XI (R2)
    Windows Server 2003
    Running AUDIT features on all services.
    Report Application Server (RAS) keeps giving the following error in the Windows Application Event Log.
    Maximum number of events per audit log file must be greater than 0.  Defaulting to 500.
    I am assuming that this is because the RAS is not being used by anyone at this time - and there is nothing in the local-audit-log to be copied to the AUDIT database.
    Is there any way to suppress this error...?
    Thanks in advance for the advice!

    A couple more reboots after applying service pack 3 seemed to fix the issue.
    Also had to go to IIS and set the BusinessObjects and CrystalEnterprise11 web sites to use ASP .NET 1.1 instead of 2.

  • Do we need to format data and log files with 64k cluster size for sql server 2012?

    Do we need to format data and log files with 64k cluster size for sql server 2012?
    Does this best practice still apply to SQL Server 2012 & 2014?

    Yes.  The extent size of SQL Server data files, and the max log block size have not changed with the new versions, so the guidance should remain the same.
    Microsoft SQL Server Storage Engine PM

  • Changing the Naming convention of Log Files

    Hi,
    Is there a way to change the naming convention of log files. Instead of
    00000000.jdb, 00000001.jdb, ... to
    DB000000.jdb, DB000001.jdb etc
    Thanks in advance.

    No, there isn't a way to do that. We didn't anticipate a need to do that -- could you please explain the need?
    Putting a prefix on the file name would unnecessarily limit the total size of the data set, if file names are limited to the 8.dot.3 format as you've shown.
    --mark

  • How to delete the data in archived log files

    hi
    How can I delete the entries in archived log files, and what is the disadvantage of deleting archived log entries?

    There is no documented way to delete data stored in archived log files: you can only remove the archived log files if needed.

  • How to increase the size of Redo log files?

    Hi All,
    I have 10g R2 RAC on RHEL. As of now, I have 3 redo log files of 50MB size. I have used the redo log size advisor by setting fast_start_mttr_target=1800 to check the optimal size of the redo logs, and it is showing 400MB. Now, I want to increase the size of the redo log files. How do I increase it?
    If we are supposed to do it on production, how do we do it?
    I found the following in an article....
    "The size of the redo log files can influence performance, because the behavior of the database writer and archiver processes depend on the redo log sizes. Generally, larger redo log files provide better performance, however it must balanced out with the expected recovery time.Undersized log files increase checkpoint activity and increase CPU usage."
    I did not understand the point "however it must balanced out with the expected recovery time" in the paragraph given above.
    Can anybody help me?
    Thanks,
    Praveen.

    You don't have to shut down the database before dropping a redo log group, but make sure you have at least two other redo log groups. Also note that you cannot drop an active redo log group.
    Here is a nice link,
    http://www.idevelopment.info/data/Oracle/DBA_tips/Database_Administration/DBA_34.shtml
    And make sure you test this in test database first. Production should be touched only after you are really comfortable with this procedure.

  • Is the disk equal to log files and other questions?

    In the web page http://www.oracle.com/technology/documentation/berkeley-db/je/GettingStartedGuide/introduction.html#dplfeatures, there is a statement, " The checkpointer is responsible for flushing database data to *disk* that was written to cache as the result of a transaction commit ".
    I wonder if the disk here means log files under the JE home directory.
    From my understanding of these documents and other web resources, the check pointer is to write records in Cache to Log files (disk), and then cleaner is to reorganize and then to remove unused log files. For the records in a Cache, they are brought from disk to Cache by querying the index organized in a B-Tree structure, and the In-Compressor is to delete some empty internal nodes of B-Tree.
    I wonder if the above is right to describe relations among these components, check pointer, cleaner, B-Tree and In-Compressor.
    Thanks for your help!
    Best,
    Jiangfan

    Jiangfan Shi wrote:
    I wonder if the disk here means log files under the JE home directory.
    Yes.
    I wonder if the above is right to describe relations among these components, check pointer, cleaner, B-Tree and In-Compressor.
    Yes.

  • I can't get this script to produce output to the screen or a log file

    I can't get this script to produce output to the screen or a log file of the select statement results as they are executed.
    SET SERVEROUTPUT ON size 100000
    DECLARE
        v_schema     Varchar2(50);
        v_statement  Varchar2(500);
        v_name       varchar2(30);
        v_id         varchar2(8);
        v_pwd        varchar2(16);
        v_acct       varchar2(16);
        CURSOR get_schemas IS
            SELECT DISTINCT owner
            FROM all_tables
            WHERE table_name = 'USERID'
            ORDER BY owner;
    BEGIN
        OPEN get_schemas;
        LOOP
            FETCH get_schemas INTO v_schema;
            EXIT WHEN get_schemas%NOTFOUND;
            v_statement := 'SELECT name,usid,passwd,acctnum INTO v_name,v_id,v_pwd,v_acct FROM '||v_schema||'.userid';
            execute immediate v_statement;
            DBMS_OUTPUT.PUT_LINE('Name='||v_name||' ID='||v_id||' PW='||v_pwd||' AC='||v_acct);
        END LOOP;
        CLOSE get_schemas;
    END;
    /

    Duplicate post.
    When I run this script nothing is output to the screen or spooled to a file

  • "Lightroom couldn't update the format of its catalog file and must quit. ..".

    I had no trouble updating my small catalogs but my large one I tried several times. After around 45 minutes I see a dialog box that says
    "Lightroom couldn't update the format of its catalog file and must quit. Your previous catalog will be restored".
    Any help on how I can get LR to open the catalog. No problems with the integrity check. The catalog was working just fine in version 1.0.

    I had the same issue.
    Fortunately I had backed up my db before the upgrade.
    I exited then restarted LR and created a new db - so it would start.
    With my backup copied to a safe location I then opened the backup db. The conversion completed successfully and everything appears OK.
    Hope this may help
    Rob

  • I get the following error: Error log file location: /Library/Logs/Adobe/Installers

    I get the error U44M1P7 Error log file location: /Library/Logs/Adobe/Installers
    Does anyone have an idea what I need to do?  Thanks

    Did you ever find a solution? I am in sort of the same boat. I even had an Adobe rep try to help me. For some reason my Adobe App Manager does not work on my Macbook. It originally did but one day it just would not launch. After numerous attempts of uninstalling and re-installing without success, the only workaround solution was to create another user on my Macbook and install the Application Manager on that user's account. I can then download the apps / programs and updates from there. When I log out of that user and back into my main account the Adobe programs work....well most of them. I have noticed that certain programs, like Muse, will launch and work correctly under my second user account but will not launch without error on the main account.
    The fact that no one at Adobe seems to be able to provide a solution is frustrating. Everything worked fine one day, then it's all messed up. Switching users is not an ideal solution at all.

  • What is the extension for debug log file name?

    Hi,
    1) Please let me know what is the extension for debug log file....
    is it .dbg or .log ?
    in one of the sr the service engineer asked to put .log as the extension is this correct?
    here is what he said...
    a) Enable the following Profiles at user level:
    OM: Debug Level = 5
    INV: Debug Trace = YES
    INV: Debug Level = 11
    INV: Debug File = [directory value from above query]/logfilename.log
    (make sure that you have write permission for this file and directory)
    WSH: Debug Enabled - Yes
    WSH: Debug Level - Statement
    2) do the end-user (for whom trace is enabled) need to have read and write permissions on the directory and the log file?
    Thanks
    Raju

    user652672 wrote:
    1) Please let me know what is the extension for debug log file....
    is it .dbg or .log ?
    INV: Debug File = [directory value from above query]/logfilename.log
    (make sure that you have write permission for this file and directory)
    It is what you set in the value of "INV: Debug File" profile option (according to the above value, it will be logfilename.log).
    2) do the end-user (for whom trace is enabled) need to have read and write permissions on the directory and the log file?
    No, just make sure the directory is writable by the oracle and applmgr users.
