Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000029915 - How to create a compressed tar archive of the Oracle audit files in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Jul 20, 2020

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000029915
Applies To	RSA Product Set: RSA Identity Governance & Lifecycle RSA Version/Condition: All Platform (DB): Oracle 11.x, 12.x
Issue	The Oracle database audits certain SQL commands and connections and logs this information into audit files (.aud) on the Linux file system. These files accumulate over time and should periodically be cleaned up to regain disk space. Because of certain audit requirements, attempts to archive or purge these files using normal commands may fail. For example, using a typical tar command would result in a too many arguments error. This RSA Knowledge Base Article explains how to use the tar command to create a gzipped tar file of the audit files without error.
Resolution	To create a gzipped tar file of the .aud files in the audit directory, follow these steps: Find the location of the .aud files The .aud files are located in the directory specified by the audit_file_dest parameter. Login to SQLPlus as SYSDBA $ sqlplus / as sysdba* SQL> show parameter audit; The default value is $ORACLE_HOME/admin/{SID}/adump. (in this example, $ORACLE_HOME/admin/AVDB/adump.) NOTE: Audit logs may also be found in $ORACLE_HOME/product/{version}/db_1/rdbms/audit. Go to the directory with the audit files. As the oracle or root user cd $ORACLE_HOME/admin/AVDB/adump Execute this command to create the tar file: *tar zcvf audit_`date +%Y%m%d_%H%M%S`.tar.gz --remove-files --exclude=.tar.gz . 2> /dev/null** The command will begin to echo each file that is being archived. As it archives each file, it will remove it from the folder. The exclude statement in the command ensures that subsequent runs will not include the previous archive file in the current archive The 2> omits an expected error at the end of the command completion where it attempts to remove (rmdir) the current non-empty directory. A gzipped tar file is created in the format: <date and time>.tar.gz

Attachments

Outcomes

0 Comments

Recommended Content