Retention and Purging of Standard audit record

Below are some of  steps for managing  standard audit data from aud$ . 

Check locations.

BEGIN

DBMS_AUDIT_MGMT.set_audit_trail_location(

audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,

audit_trail_location_value => 'AUDIT_TS');

END;

/

SELECT

   table_name,

   tablespace_name

FROM

   dba_tables

WHERE

   table_name IN ('AUD$')

ORDER BY

   table_name;

Check audit configuration settings

Here the STANDARD AUDIT TRAIL parameter setting represent tablespace, batch size and clean up interval for database audit table.

 COLUMN parameter_name FORMAT A30

COLUMN parameter_value FORMAT A20

COLUMN audit_trail FORMAT A20

SET LINES 2000

SELECT * FROM dba_audit_mgmt_config_params;

Check last archive purge timestamp

If the archive CLEANUP_TIME is not recent then it’s likely to cause problem for the actual purge job.

SQL> SELECT * FROM DBA_AUDIT_MGMT_CLEAN_EVENTS WHERE CLEANUP_TIME > SYSDATE -31;

COLUMN AUDIT_TRAIL FORMAT A20

COLUMN LAST_ARCHIVE_TS FORMAT A40

select AUDIT_TRAIL, RAC_INSTANCE,DATABASE_ID,CONTAINER_GUID, LAST_ARCHIVE_TS from DBA_AUDIT_MGMT_LAST_ARCH_TS;

DATABASE_ID = 0 is an invalid entry and it could have generated during the upgrade phase and caused the issue for the audit purge jobs.

Execute below to remove unknown DATABASE_ID records

exec DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,database_id=>0,container_guid=>’00000000000000000000000000000000′);

exec DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP(DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD,database_id=>0,container_guid=>’00000000000000000000000000000000′);

exec DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP(DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML,database_id=>0,container_guid=>’00000000000000000000000000000000′);

exec DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP(DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS,database_id=>0,container_guid=>’00000000000000000000000000000000′);

One-time clean up procedure

Run the one time clean up procedure, which will clean up the records based on the archival timestamp in the purge configuration. Caution: Setting the use_last_arch_timestamp parameter to FALSE will cleanup all the standard audit trail records.

 BEGIN

DBMS_AUDIT_MGMT.clean_audit_trail(

audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,

use_last_arch_timestamp => TRUE);     

END;

/

Reference : 

https://dbaclass.com/article/purge-aud-table-using-dbms_audit_mgmt/