Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 E-mail Us
 Oracle Articles
New Oracle Articles

 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog

 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Oracle Support

 SQL Tuning

 Oracle UNIX
 Oracle Linux
 Remote s
 Remote plans
 Application Server

 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S


 Consulting Staff
 Consulting Prices
 Help Wanted!


 Oracle Posters
 Oracle Books

 Oracle Scripts

Don Burleson Blog 









Critical audit system features
Minimizing Auditing Performance Overhead, Real-time notification, and long-term retention of audit trails

Don Burleson


Minimizing Auditing Performance Overhead

Creating an unobtrusive auditing solution is a primary requirement for many shops.  Those companies who have tried to cobble-together auditing using generic database tools often find a huge overhead.  For example, Oracle shops are often tempted to use database "triggers", a generic mechanism that fires an event when a database object is changed.  The overhead of using database triggers is significant and can double the resources required to perform database updates, resulting in declining performance and unnecessary hardware stress.

Now, let's take a look at the characteristics of a successful enterprise data auditing solution.

Real-time notification of critical audit and security events

A comprehensive solution will allow for the ad-hoc definition of alert threshold events and provide a mechanism for real-time notification via e-mail, text mail or pager (Figure 5).  Successful companies apply sophisticated filters to the audit trails at data capture time and spot suspicious trends and patterns in data access.  Many of these companies report that these system pay for themselves in just a few months in cost savings from early-warning fraud detection.









Figure 5 - Critical real-time exception notification


Long-term retention of audit trails

Long-term data retention is often mandated by business practices and legal requirements and the auditing of data access has imposed a huge burden on many companies.  The archival storage of audit trails is often 95% of the company's data, yet it is only accessed 1% of the time (Figure 6)








Figure 6 - The anomaly of archival data

This data anomaly also presents challenges because of the temporal nature of the audit capture and the low volume of access.  Once lost, the data can never be reclaimed, and the sheer volume of data often means that media verification (duplicate parity checks) are prohibitive.

Reporting Value with Data Audits

In addition to meeting compliance regulations, many companies discover that they have a valuable data resource in their audit trails.  Home-grown solutions often lack an easy-to-use interface and analyzing the valuable hidden information in the audit trails is often impossible.   Ad-hoc interfaces are usually non-existent, and it can be extremely difficult to apply data mining techniques to detect unobtrusive patterns of fraud and access violations.  What's needed is an enterprise reporting capability that provides the means to derive business value from the audit data. 

Any online database is  nothing more than a fixed, point-in-time snapshot of the current information.  To get the whole picture you must add a temporal dimension to the database and develop mechanisms to harvest your time-series information (Figure 7).

In the following chart capitalization needs to be fixed (lower case "t" in "To" in headline.  Lower case "t" in "Trends"










Figure 7 - Time, the third dimension of Database Management

Even though disk costs fall 10x every year, online access to petabytes of audit data is prohibitive and this presents special challenges to the IT manager.  To confound the issue, simultaneous requests present a unique challenge because of the linear limitations of tertiary storage.  To minimize human intervention, the reporting solution must have these characteristics:

        An easy-to-use interface

        A mechanism to audit the audit request

        A complex status-tracking facility

        A notification and delivery mechanism for the completed report

        The ability to access audit information from the application layer, database layer and server layer

        The ability to access audit data from multiple database products

The reporting mechanism must be able to serve the needs of requests from the external community and support your in-house reporting needs.  The sheer volume of auditing data makes this reporting unique.  Answering this simple query might take hours, require mounting thousands of tapes, and involve reading trillions of bytes of data from multiple databases.

Get the Oracle auditing book, click here

For an excellent Oracle auditing product, click here



Oracle Training at Sea
oracle dba poster

Follow us on Twitter 
Oracle performance tuning software 
Oracle Linux poster


Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.