Guidelines for Auditing
Enterprise Manager has additional auditing that is available for purposes of tracking and validating infrastructure actions performed in Enterprise Manager, including jobs and credentials accessed. Basic and infrastructure auditing is enabled by default for Enterprise Manager.
To enable audit for a subset of audited operations, please use the following EMCLI verb:
$ emcli update_audit_settings -audit_switch="ENABLE/DISABLE" -operations_to_enable="name of the operations to enable,for all operations use ALL" -operations_to_disable="name of the operations to disable, for all operations use ALL"
For example, to audit only logon/logoff, issue:
$ emcli update_audit_settings -audit_switch="ENABLE" -operations_to_enable="LOGIN;LOGOUT"
For the list of operations that are audited by Enterprise Manager, see Configuring and Managing Audit.
In Enterprise Manager, there are over 150 options for auditing. The following command shows the list of operations that can be audited by Enterprise Manager:
$ emcli show_operations_list
The following example shows the output of this command.
$ ./emcli show_operations_list
Operation ID                         Operation Name                     Infrastructure Operation
ADD_AGENT_REGISTRATION_PASSWORD      Add Registration Password          NO
ADD_CS_TARGET_ASSOC                  Add Standard-Target Association    NO
AGENT_REGISTRATION_PASSWORD_USAGE    Registration Password Usage        NO
AGENT_RESYNC                         Resync Agent                       NO
AG_AUD_CREATE                        Create Administration Groups       NO
AG_AUD_DELETE                        Delete Administration Groups       NO
AG_AUD_MODIFY                        Modify Administration Groups       NO
APPLY_TEMPLATE                       Apply Monitoring Template          NO
APPLY_UPDATE                         Apply Update                       YES
ATTACH_MEXT                          Attach Metric Extension            NO
Once audit is enabled, the audit records are kept in the MGMT$AUDIT_LOG view in the Repository. To monitor the audit data, log in to the Enterprise Manager console as a user with Super Administrator privileges, click Setup, then Security, and select Audit Data.
The externalization service, configured through the EMCLI verb update_audit_settings, exports the audit data from the Repository to an external file system on a regular basis. Make sure there is enough space in the directory for the audit log files.
$ emcli update_audit_settings -file_prefix=<file_prefix> -directory=<directory_name> -file_size=<file size> -data_retention_period=<period in days>
In the following example, the audit data is retained in the Repository for 14 days. Once exported, the data is stored in the OS directory that corresponds to the database directory AUDIT, in files whose names are prefixed with gc12_audit, and each file is 50M bytes in size:
$ emcli update_audit_settings -externalization_switch=ENABLE -file_prefix=gc12_audit -directory=AUDIT -file_size=50000000 -data_retention_period=14
Achieve separation of duties by restricting the access to the directory where the externalized audit data is stored. No Enterprise Manager users should have access to the externalized audit data.
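One way to verify the directory restriction described above, as an added example that is not part of the Oracle documentation. It assumes GNU find and an owner-only policy on the export directory; the function name, the finding labels and the directory path passed in are hypothetical and site-specific.

```shell
#!/bin/sh
# Added example: report externalized audit data reachable beyond its owner.
# Assumptions: GNU find (-perm /MODE, -maxdepth); the owner-only policy and
# the directory path are site choices, not Enterprise Manager defaults.

# audit_dir_findings DIR PREFIX
# Prints one line per finding. Returns 0 if clean, 1 if anything is
# accessible to group or other, 2 if DIR does not exist.
audit_dir_findings() {
    dir=$1
    prefix=$2
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    findings=$(
        # Directory itself: any group/other bit lets non-owners list,
        # traverse or write into the export location.
        find "$dir" -maxdepth 0 -perm /077 -exec echo DIR_OPEN {} \;
        # Exported files: any group/other bit exposes the audit trail
        # to reading or modification by accounts other than the owner.
        find "$dir" -maxdepth 1 -type f -name "${prefix}*" -perm /077 \
            -exec echo FILE_OPEN {} \;
        # A symlink carrying the export prefix points at data that is not
        # covered by this directory's permissions.
        find "$dir" -maxdepth 1 -type l -name "${prefix}*" \
            -exec echo SYMLINK {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: ./check_audit_dir.sh <OS path of AUDIT directory> gc12_audit
if [ $# -eq 2 ]; then
    audit_dir_findings "$1" "$2"
fi
```

Run it from a scheduled job under an account separate from the Enterprise Manager administrators and alert on any non-zero exit status.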