Manage Audit File Directory Growth with cron (Doc ID 1298957.1)

Step 1 - Identify the ASM audit directories
There are three directories that may contain audit files.  All three must be managed to control excessive growth.

Two default locations are based on environment variable settings when the ASM instance is started.  To determine the default locations for your system, login as the Grid Infrastructure software owner (typically either oracle or grid), set your environment so that you can connect to the ASM instance, then run the 'echo' commands provided below.  In this example, the two default audit directories are /u01/app/11.2.0/grid/rdbms/audit and /u01/app/oracle/admin/+ASM1/adump.


$ . /usr/local/bin/oraenv
ORACLE_SID = [+ASM1] ? +ASM1
The Oracle base for ORACLE_HOME=/u01/app/11.2.0/grid is /u01/app/oracle

$ echo $ORACLE_HOME/rdbms/audit
/u01/app/11.2.0/grid/rdbms/audit

$ echo $ORACLE_BASE/admin/$ORACLE_SID/adump
/u01/app/oracle/admin/+ASM1/adump


The third ASM audit directory can be found by logging into the ASM instance with SQL*Plus and running this statement:


$ sqlplus '/ as sysasm'

SQL> select value from v$parameter where name = 'audit_file_dest';

VALUE
--------------------------------------------------------------------------------
/u01/app/11.2.0/grid/rdbms/audit

All three ASM audit directories will be managed with cron(8).

Step 2 - Give Grid Infrastructure software owner permission to use cron
Audit files are owned by the Grid Infrastructure software owner, which is typically either oracle or grid.  Commands to move or remove audit files must be run as the Grid Infrastructure software owner.  As root, add the Grid Infrastructure software owner to /etc/cron.allow file.  The examples below use the user oracle.


# echo oracle >> /etc/cron.allow



Step 3 - Add command to crontab to manage audit files weekly
As the Grid Infrastructure software owner, add an entry to the crontab file.  The following command will start a vi(P) command edit session to edit the existing crontab file or create a new crontab file if one does not already exist.


$ crontab -e


 Add the following to this file as a single line:


0 2 * * sun /usr/bin/find /u01/app/11.2.0/grid/rdbms/audit /u01/app/11.2.0/grid/rdbms/audit /u01/app/oracle/admin/+ASM1/adump -maxdepth 1 -name '*.aud' -mtime +30 -delete

This crontab entry executes the find(1) command at 2AM every Sunday. The find(1) command deletes all audit files in the three ASM audit directories that are older than 30 days.

If you wish to retain audit files for a longer period of time, instead of deleting the audit files with the find(1) command, you can archive audit files to a different directory or storage device using a crontab entry like the following:


0 2 * * sun /usr/bin/find /u01/app/11.2.0/grid/rdbms/audit /u01/app/11.2.0/grid/rdbms/audit /u01/app/oracle/admin/+ASM1/adump -maxdepth 1 -name '*.aud' -mtime +30 -execdir /bin/mv {} /archived_audit_dir \;

This crontab entry executes the find(1) command at 2AM every Sunday. The find(1) command moves all audit files in the three ASM audit directories that are older than 30 days to /archived_audit_dir.


Save and exit the crontab file using vi commands (<ESC> :wq), then verify crontab contents.

$ crontab -l
0 2 * * sun /usr/bin/find /u01/app/11.2.0/grid/rdbms/audit /u01/app/11.2.0/grid/rdbms/audit /u01/app/oracle/admin/+ASM1/adump -maxdepth 1 -name '*.aud' -mtime +30 -delete



Troubleshooting