Oracle database audit file housekeeping methods – adump purge

oracle audit trace file housekeeping

For Oracle database,SYS, SYSDBA or SYSOPER connections to the Oracle database are always audited. Sometimes this can lead to the creation of an excessive number of audit files.
When this is considered to be a problem it cannot be solved at the database side and it must be investigated why the ‘client’ applications including Oracle Enterprise Manager (OEM) Components and agents are connecting so frequently as SYSDBA/SYSOPER. So this type of auditing mandatory in the Oracle database and can NOT be turned off.
However the amount of audited information depends on AUDIT_SYS_OPERATIONS parameter that allows the addition audit of all statements issued by SYS/SYSDBA/SYSOPER in the same OS audit trail file.
In case the parameter AUDIT_SYS_OPERATIONS=TRUE Oracle audits not only SYS/SYSDBA/SYSOPER connection details but also their SQL operations. In any case the audit files with the name like sid_ora__instance#.aud are created in audit_file_dest location on Unix or linux.

sql*plus> show parameter audit
 NAME                                 TYPE        VALUE
 ------------------------------------ ----------- ------------------------------
 audit_file_dest                      string      /opt/app/oracle/admin/orcl/ adump
 audit_sys_operations                 boolean     FALSE

See below one of the methods of purging those audit files on Unix using a simple Unix command based on foll– Deletion of files older than 40 days

Default System Audit files location: $ORACLE_BASE/admin//adump/.trc files can be purged by adrci command

$ find /u01/app/oracle/SID/adump/ -name '*.aud' -mtime +40 -exec rm -f {} \;

注：查找的对象必须要 在单引号引用，否则会出现如下报错：
-bash: /usr/bin/find: Argument list too long