Your search did not match any results.
Oracle Audit is a web service that automatically records calls to public application programming interface (API) endpoints for your Oracle Cloud Infrastructure tenancy. The service creates audit log events for each of these calls that can be viewed, retrieved, stored, and analyzed. These log events include information such as the ID of the caller, the target resource, the time of the recorded event, request parameters, and response parameters. You can access log events using the API, the Console, and the Java Software Development Kit (SDK).
The main benefit of Oracle Audit is to provide visibility into activities related to your Oracle Cloud Infrastructure resources and tenancy. Audit log events can be used for security audits, to track usage of and changes to Oracle Cloud Infrastructure resources, and to help ensure compliance with standards or regulations.
Yes. By default, Oracle Audit is turned on for every tenant. You cannot turn it off. Every tenant administrator has access to read audit log events in every compartment in the tenancy. To allow other groups of users to view and manage audit logs, you must configure a policy using Oracle Identity and Access Management (IAM).
By default, the tenant administrator has full access to the audit logs for the tenancy. Oracle Audit integrates with IAM to support a rich policy language that allows the administrator flexibility to grant READ access to other groups. Typically, you would create a group of users in each compartment that you allow access to audit log events for that compartment.
Oracle Audit stores logs for 365 days. The 365-day period starts from the time an event is processed and logged. If you want to store logs beyond 365 days, you can use the Java SDK to make a copy and archive the logs independently. However, you cannot change the default retention period.
You can download audit log events from each compartment by using the Java SDK. The current API can only be used to filter log events and cannot be used for bulk transfer of log events or streaming log events.
Oracle Cloud Infrastructure customers are entitled to Oracle Audit at no additional charge.
A log file consists of a list of log events. Each log event reflects API activity on public API endpoints. Log events contain information about what happened, when it happened, and who did it.
A log event provides information to identify: the user who called the API, the time the activity occurred, the source IP, the region, and the request and response. For more information about the log event schema, see the documentation.
It typically requires 15 minutes from the occurrence of the event to delivery of the log event to the Oracle Audit log file.
Oracle Audit typically delivers events every five minutes.
At release, Oracle Block Volumes, Compute, Database, Identity and Access Management, Load Balancing, and Networking use Oracle Audit to log events.
Yes, Oracle Audit records events across all regions.
The Oracle Audit Processing SDK is a Java library that helps simplify building an application to enumerate and download audit log events. For more information, see the Oracle Audit SDK file.
The Oracle Audit Processing SDK enables you to write an application that accesses the audit log events in all the compartments to which you have access. You can then use the SDK to enumerate events processed for a compartment during a specific time range.
We recommend you retrieve a maximum of one week of log events at a time. Using the SDK to perform a transfer of log events over an extended period of time is not recommended due to the size of the download.
You will need the Java library to use the Oracle Audit Processing SDK.