Wednesday, May 15, 2019
Archive and Clean Unified Audit Trail
/*
Name: Archive_unified_audit_trail
Desc: A PL/SQL procedure to cleanup unified audit trail with an option to archive data to an external table
Parameters:
p_keep_days: Data Retention policy, specified in number of days,
for AUD$UNIFIED table. Data for the current day (today) is always
retained in AUD$UNIFIED
0 - All audit records older than today will be cleaned up
>0 - All audit records older than days specefied will be cleaned up
p_archive_flag: A flag to indicate whether audit records should be archived to
an external table before doing clean-up
Y - Archive audit records
p_archive_dir: An Oracle directory object to specify the location
where external table should be created
Examples:
Cleanup audit trail records older than 10 days.
Archive audit records to a location specified by dbadpdir.
SQL> exec archive_unified_audit_trail (10,'Y','dbadpdir') ;
*/
CREATE OR REPLACE procedure archive_unified_audit_trail
(p_keep_days in number,
p_archive_flag in varchar2,
p_archive_dir IN VARCHAR2)
is
lv_sql VARCHAR2(1024);
lv_sql_2 VARCHAR2(1024) ;
lv_ext_table_name VARCHAR2(64);
lv_min_tstamp TIMESTAMP;
lv_max_tstamp TIMESTAMP;
lv_count NUMBER;
lv_count_ext NUMBER ;
begin
select min(event_timestamp), max(event_timestamp), count(*)
into lv_min_tstamp, lv_max_tstamp, lv_count
from audsys.aud$unified
where event_timestamp < trunc(sys_extract_utc(systimestamp)) - p_keep_days ;
dbms_output.put_line('Record Count: ' || lv_count);
if (lv_count > 0) and ( p_keep_days >= 0 )
then
-- archive data if flag is set to Y
if upper(p_archive_flag) = 'Y'
then
lv_ext_table_name := 'aud$unified_' ||
to_char(lv_min_tstamp,'MMDDRRHH24MISS') || '_'
|| to_char(lv_max_tstamp,'MMDDRRHH24MISS') ;
lv_sql :='create table '|| lv_ext_table_name|| chr(10) ||
'organization external (type oracle_datapump default
directory '|| p_archive_dir || chr(10) ||
'access parameters (nologfile) '|| ' location('''||
lv_ext_table_name|| '.dmp''))' || chr(10) ||
'as select * from audsys.aud$unified ' || chr(10) ||
'where event_timestamp <
trunc(sys_extract_utc(systimestamp)) - ' ||p_keep_days ;
dbms_output.put_line('External Table Script:');
dbms_output.put_line(lv_sql);
execute immediate lv_sql ;
lv_sql_2 := 'select count(*) from ' || lv_ext_table_name ;
execute immediate lv_sql_2 into lv_count_ext ;
dbms_output.put_line('Record Count in External Table: '
||lv_count_ext);
end if;
-- modified before this time. Doesn't include time specified here.
-- time in UTC
if ( lv_count = lv_count_ext )
then
dbms_audit_mgmt.set_last_archive_timestamp(
audit_trail_type => dbms_audit_mgmt.audit_trail_unified,
last_archive_time => trunc(sys_extract_utc(systimestamp)) -
p_keep_days);
dbms_audit_mgmt.clean_audit_trail(
audit_trail_type => dbms_audit_mgmt.audit_trail_unified,
use_last_arch_timestamp => true );
else
dbms_output.put_line('Record count in exteranl table do NOT match.
AUD$UNIIFED not purged.');
end if;
else
dbms_output.put_line('Nothing to archive/purge or
parameter p_keep_days is not >=0');
end if;
end;
/
Subscribe to:
Comments (Atom)