Audit Active Data Guard with Data Safe in Oracle Cloud


We’re excited to announce that Oracle Data Safe can now monitor the database activity of Active Data Guard configurations for Oracle Database on Oracle Exadata Database Service on Dedicated Infrastructure (formerly known as Exadata Cloud Service) and Oracle Base Database Service (formerly known as Oracle Database Cloud Service).

Active Data Guard (ADG) is an evolution of Oracle Data Guard technology that incorporates significant innovation designed for a specific purpose – to offload work from the production database, freeing up resources for critical transactions. ADG enables read-only access to a physical standby database while redo application is active. Workloads such as reporting, analytics, backups, queries, and even occasional writes (a new ADG feature as of Oracle Database 19c) can be offloaded from the production system to a synchronized physical standby database. These workloads would otherwise consume valuable resources on the primary production site; therefore, ADG saves valuable CPU and I/O cycles and promotes efficient use of system resources in the configuration. Since ADG opens up standby databases for read/write workloads, most regulatory and compliance requirements emphasize the need to monitor the database activity on standby databases, though less rigorously compared to the primary production database.

Data Safe now provides a single pane of glass for monitoring database activity across all the database peers in an ADG configuration (the primary database and all the associated standby databases) without redundant audit record collection. A brief look at the mechanism within Oracle Database auditing that enables this feature in Data Safe explains why this is important.

Unified audit records within the Oracle Database are written to a table in the AUDSYS schema called AUD$UNIFIED. When the database is not writable (typically when the database is closed or is read-only, as in ADG), the Oracle Database writes audit records to external operating system spillover .BIN files. The audit data in the spillover files is presented in the view GV$UNIFIED_AUDIT_TRAIL.

The view UNIFIED_AUDIT_TRAIL is a UNION ALL of the table AUDSYS.AUD$UNIFIED and the view GV$UNIFIED_AUDIT_TRAIL.

The capability to monitor audit records from standby databases has been built into UNIFIED_AUDIT_TRAIL since unified audit was introduced in Oracle Database 12c. However, because audit records from the primary database (written to the database table AUD$UNIFIED) are captured in redo and replicated to the standby, it was challenging to separate activity on the standby from activity on the primary. Oracle Database 19c Release Update 21 (19.21) introduced a new column, SOURCE, in UNIFIED_AUDIT_TRAIL, making it easy to differentiate the origin of audit records. That new column helps avoid redundant audit record collection from ADG.

Graphic shows the Oracle Database with audit data being written to the unified audit trail. There are two queries being run against that audit trail - one query filters based on SOURCE equal to DATABASE (records written to the AUD$UNIFIED table) and the other query filters based on SOURCE equal to FILE (records written to external spillover files)

Figure 1: Unified audit trail with SOURCE column to differentiate the origin of audit records

Leveraging the SOURCE column value in the UNIFIED_AUDIT_TRAIL view enables Data Safe to monitor the entire ADG configuration with a single primary database and multiple standby databases as a single target with multiple unified audit trails. The primary database in the ADG (as identified by the system-generated failover connection string with role-based database service) has an audit trail to collect from the database table AUDSYS.AUD$UNIFIED by querying the UNIFIED_AUDIT_TRAIL view with SOURCE set to DATABASE. Each database in the ADG will have an audit trail to collect from that database’s corresponding spillover files by querying the UNIFIED_AUDIT_TRAIL view with SOURCE set to FILE.
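The two kinds of collection query described above can be checked by hand on any peer. The following is an added example, not Data Safe's own collection code; it assumes Oracle Database 19.21 or later, a session with the AUDIT_VIEWER role, and an enabled audit policy that records LOGON events.

```sql
-- Added example: inspect the origin of unified audit records on one ADG peer.

-- 1. Confirm which peer this session is connected to and its current role.
SELECT db_unique_name, database_role, open_mode
FROM   v$database;

-- 2. Summarize audit records by origin.
--    On a standby, SOURCE = 'DATABASE' rows arrived from the primary through
--    redo; SOURCE = 'FILE' rows come from this peer's own spillover files.
SELECT source,
       COUNT(*)             AS records,
       MIN(event_timestamp) AS oldest,
       MAX(event_timestamp) AS newest
FROM   unified_audit_trail
GROUP  BY source;

-- 3. Table-based trail: run against the primary only, so that replicated
--    rows are not picked up a second time from each standby.
SELECT event_timestamp, dbusername, os_username, userhost,
       action_name, return_code, unified_audit_policies
FROM   unified_audit_trail
WHERE  source = 'DATABASE'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
ORDER  BY event_timestamp;

-- 4. File-based trail: run against every peer (primary and each standby) to
--    see activity recorded locally while that database was not writable.
--    Here: logon attempts in the last day, failures included (return_code <> 0).
SELECT event_timestamp, dbusername, os_username, userhost,
       action_name, return_code, unified_audit_policies
FROM   unified_audit_trail
WHERE  source = 'FILE'
AND    action_name = 'LOGON'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
ORDER  BY event_timestamp;
```

Comparing the counts from step 2 on the primary and on a standby shows the overlap that filtering on SOURCE removes.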

A sample monitoring configuration for an ADG with one primary and two standby databases is represented here.

Graphic shows a primary database with two Active Data Guard standby databases. Database Activity Monitoring is taking place with four audit trails. One going to the primary and looking at the unified audit trail with source=database, and three more audit trails (one for each database - the primary and both standbys) looking for records in the unified audit trail with source=file

Figure 2: Database activity monitoring of ADG as a single target with multiple unified audit trails

Once you register the primary, along with any ADG peers, in Data Safe as a database target, the associated audit profile contains the details of the multiple audit trails discovered automatically from the metadata. The audit trails will have an indicator (FILE or TABLE) to identify the SOURCE of audit records, as shown here.

Screen shot of a Data Safe target database's Audit Profile page showing there are three audit trails - one table-based (source=database) and two file-based (source=file)

Figure 3: Audit profile of the single ADG target with multiple unified audit trails in Data Safe

Collecting unified audit records in Data Safe commences once you start the corresponding audit trails, and audit reports show the ADG target’s audit events from the primary and standby databases.

A sample login activity report for the ADG target is shown here, with audit events from both the primary and standby databases. The database unique name column lets you correlate activity to the specific database in the ADG target where the audit event was triggered.

Screen shot of audit activity for an Active Data Guard primary and standby

Figure 4: Audit report in Data Safe of the ADG target showing audit events from all the databases

In a nutshell, Data Safe provides a single pane of glass for monitoring database activity across all the Oracle databases in an ADG configuration, treated as a single target with multiple unified audit trails.

Refer to this video to learn more about it and see a short demo: Monitoring database activity of Oracle Active Data Guard.

To learn more, see the following resources:

Angeline Dhanarani

Senior Principal Product Manager, Oracle Database Security

Angeline Dhanarani is the Senior Principal Product Manager in the Oracle Database Security team, responsible for core database audit and activity monitoring capabilities in Oracle Data Safe. With 20+ years of experience, Angeline has been involved in many customer engagement activities for over a decade at Oracle, and is responsible for all Database Security features and products for the APAC and Japan regions. Angeline helps Oracle customers adopt comprehensive database security strategies and works closely with the engineering team to define the product roadmap for audit and activity monitoring.