If you need to access the audit trail directly from database then what you have to do is simple. First query the audit_trail table. You'll see several lines for a single cikey. Convert chunks to binary and concatenate all rows for a cikey but do this for each block separately. Finally uncompress it and what you'll get is a raw audit trail xml. You can convert it to table or just search a specific keyword or even you can code your own display engine if you don't like the oracle's em console.
For me this function is important because for an archived instance I don't have to move the instance to production in order to see the audit trail.
Function works for both 10g and 11g. I didn't have the chance to test 12c but if audit_trail is still there then I think it will work for 12c as well..
You will need blob_to_clob function. you can get it from here; http://www.dba-oracle.com/t_convert_blob_to_clob_script.htm
create or replace function get_audit_xml(vcikey in number) return clob is
tmpblob blob;
vblob blob;
audit_trail clob:='<audit_trail>';
begin
for b in (select distinct block from audit_trail where block=1 and cikey=vcikey order by 1)
loop
tmpblob:=to_blob('0');
vblob:=to_blob('0');
for x in (select row_number() over (order by count_id) row_num ,to_blob(log) chunk from audit_trail where cikey=vcikey and block=b.block)
loop
if(x.row_num=1) then
tmpblob:= x.chunk;
else
dbms_lob.append(dest_lob => tmpblob,src_lob => x.chunk);
end if;
end loop;
utl_compress.lz_uncompress(src => tmpblob, dst => vblob);
audit_trail:=audit_trail||blob_to_clob(vblob);
end loop;
return audit_trail||'</audit_trail>';
end get_audit_xml;
You can use this function in your posts or website but please give credit to my blog when doing this.
ps: changed rownum to row_number..
ReplyDeleteHi Evren,
ReplyDeleteIt seems that this works in 11g however it does not work properly in 12c. The AUDIT_TRAIL table still has a column called LOG of RAW (2000) datatype just like in 11g. However when I try this function in 12c I get some of the characters garbled, seems like charset or multibyte issues while converting the BLOB from RAW chunks. Some of the text content within nodes of Audit Trail XML do get printed out fine but all the XML structure (including note/attribute names etc) get garbled.
I am trying to figure out, can you please try as well if you can get it working in 12c.
Sample outputs(first few characters)
11g:
��z ...some more garbled characters...
N System N Info N� New instance of BPEL process "6.0.47" initiated
Hi, Sorry I dont have any 12c soa suite installed under my hands to play but I have plans to do it very soon. RAW to Blob can be the problem or worse they may decide to store audit_trail as a serialized java class. If this is the case then you may see some meaningful words with binary chars after decompressing.
DeleteI will let you know as soon as possible after I try with 12c
Hi Evren, Did you get a chance to do the same in 12c? Can you please share the code?
DeleteHi sorry for late answer :) we are recently upgrading to 12c and relalized that audit trail is now stored as pof serialized object. So in order to get xml you have to alternatives; first is using java api and the other is using a java code that queries the audit_trail table and deserialize the binary object using coherence libraries. I am trying to do the second in database (running java code on db). If I can achieve that I will post it here.
DeleteThanks for your response Evren. It seems Audit Details BLOB (Which is directly a BLOB column in both 11g and 12c) parses fine by decompressing and converting from BLOB to CLOB. Only the LOG (RAW) column of AUDIT_TRAIL is somehow different.
ReplyDeleteAlso, not sure if it is something to do with the DB version itself, I am using Oracle 12c DB as well. With SOA 11g I was using Oracle 11g DB.
Hi what is the "block" in the audit_trail table? Why does your code hardcode it where block=1 ? Thanks!
ReplyDeleteeach time audit trail is appended by engine a block with one or multiple rows are inserted. So we have to uncompress each block separately. In order to loop the blocks I selected the first rows of each block.
DeleteDoes anyone have a solution to get 12c soa infra audit log xml without special characters
ReplyDeleteHi, What do you mean by special characters? Did you mean without getting the binary serialized object?
Delete