2.26 AUDIT_SYSLOG_LEVEL

AUDIT_SYSLOG_LEVEL allows SYS and standard OS audit records to be written to the system audit log using the SYSLOG utility.

Note:

This parameter is deprecated and applies only to traditional auditing. Oracle strongly recommends against the use of this parameter. If you attempt to set this parameter, you will incur the following errors:

  • ORA-32004: obsolete or deprecated parameter(s) specified for string instance
  • ORA-32006: AUDIT_SYSLOG_LEVEL initialization parameter has been deprecated

Traditional auditing is desupported starting in Oracle Database 23ai. Though traditional auditing is desupported, any current traditional audit settings that you have will still be honored. However, you cannot create new traditional audit settings. You can delete existing traditional audit settings. See Oracle Database Security Guide for more information about how this desupport works.

Property Description

Parameter type

String

Syntax

AUDIT_SYSLOG_LEVEL = 'facility_clause.priority_clause'

Syntax

facility_clause::=

{ USER | LOCAL[0 | 1 | 2 | 3 | 4 | 5 | 6 | 7] | SYSLOG | DAEMON | KERN | MAIL | AUTH | LPR | NEWS | UUCP | CRON }

Syntax

priority_clause::=

{ NOTICE | INFO | DEBUG | WARNING | ERR | CRIT | ALERT | EMERG }

Default value

There is no default value.

Modifiable

No

Modifiable in a PDB

No

Basic

No

Examples

 
AUDIT_SYSLOG_LEVEL = 'KERN.EMERG';
AUDIT_SYSLOG_LEVEL = 'LOCAL1.WARNING';

If you use this parameter, it is best to assign a file corresponding to every combination of facility and priority (especially KERN.EMERG) in syslog.conf . Sometimes these are assigned to print to the console in the default syslog.conf file. This can become annoying and will be useless as audit logs. Also, if you use this parameter, it is best to set the maximum length of syslog messages in the system to 512 bytes.

Note:

Audit records written to the system audit log could get truncated to 512 bytes, and different parts of the same audit record may not be joined to get the original complete audit record.

See Also:

Oracle Database Security Guide for information about configuring syslog auditing

If AUDIT_SYSLOG_LEVEL is set and SYS auditing is enabled (AUDIT_SYS_OPERATIONS = TRUE), then SYS audit records are written to the system audit log. If AUDIT_SYSLOG_LEVEL is set and standard audit records are being sent to the operating system (AUDIT_TRAIL = os), then standard audit records are written to the system audit log.

In a CDB, the scope of the settings for this initialization parameter is the CDB. Although the audit trail is provided per PDB in a CDB, this initialization parameter cannot be configured for individual PDBs.