General Questions

What is Oracle Cloud Infrastructure Audit?

Oracle Audit is a web service that automatically records calls to public application programming interface (API) endpoints for your Oracle Cloud Infrastructure tenancy. The service creates audit log events for each of these calls that can be viewed, retrieved, stored, and analyzed. These log events include information such as the ID of the caller, the target resource, the time of the recorded event, request parameters, and response parameters. You can access log events using the API, the Console, and the Java Software Development Kit (SDK).

What are the benefits of Oracle Cloud Infrastructure Audit?

The main benefit of Oracle Audit is to provide visibility into activities related to your Oracle Cloud Infrastructure resources and tenancy. Audit log events can be used for security audits, to track usage of and changes to Oracle Cloud Infrastructure resources, and to help ensure compliance with standards or regulations.

Is Oracle Cloud Infrastructure Audit available by default?

Yes. By default, Oracle Audit is turned on for every tenant. You cannot turn it off. Every tenant administrator has access to read audit log events in every compartment in the tenancy. To allow other groups of users to view and manage audit logs, you must configure a policy using Oracle Identity and Access Management (IAM).

Getting Started

How do I consume log events created by the Oracle Cloud Infrastructure Audit service?

When you create a compartment in your tenancy, Oracle Audit starts logging all activities that call public APIs. You can view these as log events in the audit section of the Console. Alternatively, you can use the Java SDK to programmatically download events matching a specified time range. Log events are in JSON (JavaScript Object Notation) format and can be analyzed using standard log analysis tools. You cannot modify log events.

Who should have access to the audit logs?

By default, the tenant administrator has full access to the audit logs for the tenancy. Oracle Audit integrates with IAM to support a rich policy language that gives the administrator the flexibility to grant READ access to other groups. Typically, for each compartment you would create a group of users that is allowed access to the audit log events for that compartment.

What is the retention period for Oracle Audit logs? Can I change the default retention period?

Oracle Audit stores logs for 365 days. The 365-day period starts from the time an event is processed and logged. If you want to store logs beyond 365 days, you can use the Java SDK to make a copy and archive the logs independently. However, you cannot change the default retention period.

How do I aggregate log files across compartments?

You can download audit log events from each compartment by using the Java SDK. The current API can only be used to filter log events and cannot be used for bulk transfer of log events or streaming log events.

Cost

What is the cost of Oracle Cloud Infrastructure Audit?

Oracle Cloud Infrastructure customers are entitled to Oracle Audit at no additional charge.

Audit Event Processing

What information is available in Oracle Audit log events?

A log file consists of a list of log events. Each log event reflects API activity on public API endpoints. Log events contain information about what happened, when it happened, and who did it.

A log event identifies the user who called the API, the time the activity occurred, the source IP, the region, and the request and response. For more information about the log event schema, see the documentation.

How long does it take to process and deliver an audit event into the log file?

It typically takes 15 minutes from the occurrence of an event to the delivery of the log event to the Oracle Audit log file.

How often does Oracle Cloud Infrastructure Audit deliver audit events?

Oracle Audit typically delivers events every five minutes.

Service and Region Support

What services are supported by Oracle Cloud Infrastructure Audit?

At release, Oracle Block Volumes, Compute, Database, Identity and Access Management, Load Balancing, and Networking use Oracle Audit to log events.

Are Oracle Audit events recorded for all regions?

Yes, Oracle Audit records events across all regions.

Oracle Audit Library

What is the Oracle Audit Processing SDK?

The Oracle Audit Processing SDK is a Java library that helps simplify building an application to enumerate and download audit log events. For more information, see the Oracle Audit SDK file.

What functionality does the Oracle Audit Processing SDK provide?

The Oracle Audit Processing SDK enables you to write an application that accesses the audit log events in all the compartments to which you have access. You can then use the SDK to enumerate events processed for a compartment during a specific time range.

We recommend you retrieve a maximum of one week of log events at a time. Using the SDK to perform a transfer of log events over an extended period of time is not recommended due to the size of the download.
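
The retention, aggregation, and one-week answers above combine into a simple archiving schedule. The following is an added example, not code from Oracle or the SDK: it plans per-compartment download windows of at most one week, stops 15 minutes short of the current time to allow for processing, and reports when the requested start is already past the 365-day retention. The class name, compartment placeholders, and timestamps are constructed, and Java 16 or later is assumed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class AuditArchivePlanner { // hypothetical name, not part of the SDK
    // Figures taken from the FAQ text.
    static final Duration RETENTION = Duration.ofDays(365);
    static final Duration MAX_WINDOW = Duration.ofDays(7);
    static final Duration PROCESSING_LAG = Duration.ofMinutes(15);

    // Half-open interval [start, end) to request for one compartment.
    record Window(Instant start, Instant end) {}

    // Splits the span since the last archived instant into windows of at most
    // one week, leaving the most recent 15 minutes for the next run.
    static List<Window> plan(Instant lastArchived, Instant now) {
        Instant oldestAvailable = now.minus(RETENTION);
        Instant start = lastArchived;
        if (start.isBefore(oldestAvailable)) {
            System.err.println("Gap: events before " + oldestAvailable + " are past retention");
            start = oldestAvailable;
        }
        Instant cutoff = now.minus(PROCESSING_LAG);
        List<Window> windows = new ArrayList<>();
        while (start.isBefore(cutoff)) {
            Instant end = start.plus(MAX_WINDOW);
            if (end.isAfter(cutoff)) end = cutoff;
            windows.add(new Window(start, end));
            start = end;
        }
        return windows;
    }

    public static void main(String[] args) {
        // Constructed sample values: placeholder compartments and a fixed clock.
        List<String> compartments = List.of("<compartment-ocid-1>", "<compartment-ocid-2>");
        Instant now = Instant.parse("2024-03-20T12:00:00Z");
        Instant lastArchived = Instant.parse("2024-03-01T00:00:00Z");
        for (String compartment : compartments) {
            for (Window w : plan(lastArchived, now)) {
                // The SDK request for this compartment and time range goes here.
                System.out.println(compartment + " " + w.start() + " -> " + w.end());
            }
        }
    }
}
```

Persist the end of the last completed window per compartment so that a failed run resumes without leaving a gap in the archive.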

What do I need to get started with the Oracle Audit Processing SDK?

You will need the Java library to use the Oracle Audit Processing SDK.
