10.1 Why Audit?
The first step in developing an audit plan is to determine why you need to audit. Not every site does. As we've mentioned, there are two main reasons for auditing:
Once you've figured out why you want to implement auditing, deciding which objects to audit will be easier. Determining the purpose will also help you narrow your scope to avoid gathering too much superfluous information.
10.1.1 Auditing to Confirm Suspicions
One good reason for auditing is to confirm your suspicions that something or someone is causing a problem. For example, you might suspect that data is being deleted from a table that should not be losing any records. In order to determine whether or not this is the case, you could enable auditing to track deletions from that specific table. By limiting the scope of the audit, you get a much clearer picture of the specific activity you want to track. Having said that, we'll admit there are times when the suspicious activity may be so subtle that you must first enable general auditing and then, after you evaluate the audit results, narrow the auditing to better pinpoint the source of the problem. There is no rule that says you cannot enable one form of auditing for a period of time and then disable that auditing and enable another type.
10.1.2 Auditing to Analyze Performance
If you are performing auditing to determine the volume of traffic interacting with specific areas of your database, we recommend you narrow the scope of your auditing to those specific areas that will provide you the information you are looking for. If you are interested in monitoring I/O, then enabling object monitoring will not accomplish your purpose. You should also audit over a set period of time to limit the volume of data collected. In this way, the information you've gathered will not get cluttered or overwhelmed with extra, unneeded data. Once you have gathered enough information to fulfill your auditing purposes, you can archive the audit information and purge it from the database audit history to free space in the system tablespace, as we describe in the next section.