How to clean up older records in AUD$ table

Auditing is the monitoring and collection of some user database actions and record these data in some tables. Auditing is always enabled. Oracle Database generates audit records during or after the execution phase of the audited SQL statements. But AUD$ table will growth and will impact the performance of database.

The AUD$ table is used for the database auditing purpose suc as:
CREATE SESSION,
LOGON, LOGOFF,
SELECT, INSERT, DELETE

When AUDIT_TRAIL is set to either DB or DB_EXTENDED value. From 11g forwards AUDIT_TRAIL is activated by default and it is set to DB.

We need to maintain AUD$. So let us see how we can achieve this. Here is the step by step actions

1. First, Check your current parameters

SQL> show parameter                                                                 

    NAME           TYPE    VALUE
--------------   -------   -----  
audit_trail       string    DB

2. Let us check which tablespace is using by AUD$ table. Default tablespace is in SYSTEM tablespace.

SQL> select owner,segment_name,segment_type,tablespace_name,(bytes/1024/1024/1024) as SizeinGB from dba_segments where segment_name=’AUD$’;

OWNER SEGMENT_NAME     SEGMENT_TYPE TABLESPACE_NAME SizeinGB
------ -------------- ------------ ---------------- ----------
SYS         AUD$        TABLE          SYSTEM          95

3. If AUD$ table is in SYSTEM tablespace , then let us move it to a new tablespace. In this case we will use AUDIT_TS.

After create new tablespace let us run below command as sysdba user.

BEGIN
DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION(audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,audit_trail_location_value => 'AUDIT_TS');
END;
/

Now we can check AUD$ table is moved to our new tablespace or not

SQL> select owner,segment_name,segment_type,tablespace_name,(bytes/1024/1024/1024) as SizeinGB from dba_segments where segment_name=’AUD$’;

OWNER SEGMENT_NAME     SEGMENT_TYPE TABLESPACE_NAME SizeinGB
------ -------------- ------------ ---------------- ----------
SYS         AUD$        TABLE          AUDIT_TS       95

4. Now we can use some options to maintenance for SYS.AUD$ table.,

Here are our options:

Option 1:
Regularly run truncate command for SYS.AUD$ table. Syntax is:

TRUNCATE TABLE SYS.AUD$;

Option 2:
Purge the audit trail records by using DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL procedure. Syntax is:

BEGIN
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
USE_LAST_ARCH_TIMESTAMP => TRUE );
END;
/

Option 3:
Initialize the clean job. If you haven’t moved the AUD$ table out of SYSTEM tablespace, then below script will move the AUD$ to SYSAUX tablespace by default.Syntax is:

BEGIN
DBMS_AUDIT_MGMT.init_cleanup(audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,default_cleanup_interval => 12 /* set_hours */);
END;
/

Now we can check whether initialization is success or not:

SET SERVEROUTPUT ON
BEGIN
IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
DBMS_OUTPUT.put_line('YES');
ELSE
DBMS_OUTPUT.put_line('NO');
END IF;
END;
/