I think I was using it without knowing...I have learned it the hard
way because I noticed that in all my production databases the
sysaux tablespace was growing fast. I used the script awrreport and
I saw that the space was used by the schema AUDSYS, and more
exactly by a LOB column in a table used by the audit, called
something like CLI_SWP$#ee92..(long number here)
This is strange because according to the doc Unified auditing is
not enabled:
select * from v$option where parameter like '%Audit%'
returns false for 'Unified Auditing'.
So I guess that I am in mixed mode
select count(*) from unified_audit_trail;
the query takes so long that I never get a response. Strange
because according to the doc, this view is not used in mixed mode
so it should be empty. DBA_AUDIT_TRAIL is very small as is the old
AUD$ table
select * from audit_unified_enabled_policies;
it shows that the policy ORA_SECURECONFIG is enabled
If I really try hard to read the view unified_audit_trail, on a
development system where it is much smaller, I can see that most of
the record in unified_audit_trail are related to login/logoff
If I disable the ORA_SECURECONFIG then those records are not coming
anymore: noaudit
policy ora_secureconfig;
If I change the audit_trail parameter from 'DB' to 'none' (it needs
a restart of the DB) then all those records stop also to appear in
the view audit_unified_policies
So I am going to do that on all my prod databases.
But then I am left with 20G of audit data to clean. There is a
purge procedure, but the underlying tables are so big that nothing
seem to work (even a simple select takes ages, it seems the
underlying tables are full of partitions CLOB columns and it is
incredibly slow)
My final though is that the documentation is not correct: even if
the option is not installed, once the audit_trail parameter is set
to 'DB' oracle starts to store a lot of data in the AUDSY schema
(be ready to put the purge job in place, as documented). What is
particular to my set-up is that our applications are doing
continuous login/logoff which is not very common and not a good
design. But for sure I don't need nor want all this audit
information that nobody will ever read anyway !!
Rgds, Pierre