UKOUG Northern Technology Summit

northerntech17-com-600x110-cfp-v1

Here at the UKOUG, we’ve just announced that we will be holding a 1-day UKOUG Northern Technology Summit in the North of England on the week commencing 16th April 2018.

We have not finalised the location yet, but it will be in either Manchester or Leeds.

This is a 5-stream 1 day event, with around 30 talks! We’d call it a conference – it’s bigger than some European national conferences! – but we don’t want to have any confusion with our sexy flagship conference, UKOUG Tech17.

The Call For Papers is now Open, and we are looking for talks in relation to Database, RAC, Cloud, Apex, Development and Engineered Systems. A full list can be found on the CfP page, linked here.

Tweet about it with the hashtag #UKOUG_ntech

HrOUG – The Croatian Conference

Arriving on Tuesday afternoon, directly from the Slovenia Conference and it’s straight into the 3rd Autumn conference! Conveniently, Slovenia and Croatia are timed together and are held within a little over 1 hours drive (plus a 15 minute boat ride!) apart. Well done on that one guys!IMG_1892

A quiet beer as many speakers and delegates wait at the docks for the boat to arrive, and I seem to be timing these sunsets well!IMG_1795

Wednesday was a day off, so Tuesday night allowed me to let my hair down a little and have a drink until late into the night. Wedneday, and the organizer, Davor, had arranged for all of the Oracle ACEs and Oakies to go on a tour of nearby Pula followed by some Go Karting. Great fun! I knew nothing of Pula so I was rather surprised to discover a huge Amphitheatre there!

This slideshow requires JavaScript.

The talks, on Thursday and Friday, were a repeat of the talks in Slovenia about Histograms and Plan Stability.  A great conference in a truely excellent location – having the conference on an island gives it the same magic as the OUGN conference: you can’t just wander off, we are all there together and that really adds to the conference.

IMG_1933

Rovinj with Andrew!

As a added bonus, one of my friends happened to be in the nearby town of Rovinj on the Friiday afternoon, which meant a serendipidous meet-up for lunch.

Overall a wonderful pair of conferences which felt as much a holiday as work, although I think I need a holiday to recover from them.

SiOUG – The Slovenian Conference

So October came around and it was time for my second and third conferences of the autumn season.  I had been kindly select to do 2 talks at this Slovenian User Group, but a last-minute problem with another speaker meant I found myself giving 3 talks in 2 days. Excellent fun!IMG_1728

 

I arrived in lovely Portoroz just as the sun was setting, with what seemed like most of Slovenia leaving the coast on the final hot Sunday of the year, just in time for a huge and wonderful dinner with all of the other speakers.

Day 1 was a whirlwind of talks, food and presenting  much of what I know about Histograms and Chocolate, washed down with a local craft ale – Thank You HumanFish Brewery! Yum!

A party at the end of day 1, with a generous consumption of wine and Craft Ale – all consumed with the lovely friendly and fun Slovenians at the conference – y’all know who you are! – meant that Day 2 held some trepidation…. would I wake up in time!

Day 2 saw me giving 2 more talks, about Optimizer Plan Stability, and also about DataGuard, in front of an interested and good sized audience before hopping into my car and driving down to Croatia to give 2 talks in a somewhat more leisurely 3 days. Tomorrow is a day off! Holiday!

High Five POUG: Polish Oracle User Group Conference?

I’ve just returned from presenting at the 2nd annual POUG Conference, this time in Krakow, Poland (the first was in Warsaw). This is the Polish Pint with Oracle User Group conference and is exactly what a conference should be. Educational, Informative, Well-executed and Fun.  It was based in a lovely city, with a wonderful friendly people, good food and great beer!

The Speakers gift was very thoughtful - a personalised t-shirt which my wife has declared too good to wear!

As you might imagine, with a name like Pint with Oracle User Group, there is beer to be drank. But in this case it was as available as the tea and coffee – and completely free! Several hundreds of litres of it were consumed over the course of the 2 day conference, a tiny little bit of it by me. I suppose this is the side effect of having a conference in a micro-brewery. Talk about organization skills!

IMG_1606

Brewery and Conference Location!

There were around 30 speakers giving talks, many of them well-known Oracle ACEs of various hues but a couple of first-timers who were excellent too.  It also reminds me that you don’t need to be an expert to speak at conference. You don’t need to know the n-th level of detail like Jonathan Lewis. You just need a story to tell about something you did that was interesting! I assume we’re all doing something interesting in our jobs from time to time? If you are not, you might want to try to find a job with interesting things to do, then talk about them!

One unique thing was being walked onto stage to a thumping good tune (I picked Human, by Rag’n’Bone Man) by an anthropomorphisation of the POUG Logo – basically a IMG_1571young ‘Oracle’ dressed like Obi-Wan Kenobi. They were also there to help out the delegates and speakers with any queries or problems they may have. Usefully they were all current or recently completed students on their way to being a doctors, vetenarians or structural engineers. High quality help indeed!

Many thanks to Kamil, Luiza and everyone else at POUG for a wonderful conference to remember.

IMG_1536I was debuting a new conference talk about Histograms. The talk went well, I think, but there are a couple of tiny kinks to iron out for the next time I present it – in Slovenia and Croatia – next month. Best remove the POUG-specific slides too, right Adam!

 

 

 

 

 

 

 

oh, and the talk of the Conference was…Martin Widlake, with a gigantic beer!

IMG_1610

Martin Widlake giving a rather good talk about the parallels (and perils) of Beer and Development

 

 

UKOUG Tech17 Call For Papers!

The UK OracleUser Group has opened its Call For Papers for our flagship conference.

tech17We are looking for presenters across all Oracle technologies – and non-Oracle Open Source tech too! Showcase your skills in front of a thousand technologists of all skill levels and experience.

Do you have a story? Yes, you do. Submit an abstract here! You don’t need to be explaining the deep dark internals of an obscure part of Oracle nobody else has ever seen. Just tell us what you are doing. That’s cool, and that’s what we care about (although if you do have a talks about deep dark internals, we’ll have that too)

two_cakes

Image originally tweeted by @fictionaIs

But I’m not Original?

That’s not how delegates see it. That’s not how I see it and that’s how the selection committees see it.

You can be so the (wo)man, and own the conference! Two cakes? Yes please!

We have over 250 speaker slots available over the course of 3.5 days. We want new speakers, we want old speakers (which is lucky), we want everyone!

Whether you speak or not, the combination of awesome agenda a social interaction makes it the best all-round Oracle conference in the world. See you there!

Getting Started with GoldenGate

gettingstartedwithgoldengateNot a blog post per-se, but a link to my article in the UKOUG quarterly magazine OracleScene. It is a great publication with some simply fantastic articles. Its completely free, and is available online as well as in print at Oracle offices in the UK and at UKOUG events. My article will take you through a simple step-by-step Oracle centric one way replication on VM Virtual Box. From nothing to fully working replication. Sexy! Hope you enjoy it.

Oracle Audit Part 4 – Unified Auditing Problem

Part 4 in a loose series of blog posts about auditing; the new Oracle 12 feature. Unified auditing.monkey_examine

The intention behind Unified Auditing, as the name suggests, is to pull together all of the audit records from the disparate Oracle auditing locations into a single unified location. It captures standard audit information (including sys records normally written to the O/S),  FGA audit, record from Database Vault, Label Security, rman, etc.

Sounds great, and it is. 12.1 has a significant problem, but it seems a lot better in 12.2 (where I have not yet had time to spot any problems 🙂 )

The first thing that you need to know is that it is on by default.
It is gathering audit information in your 12C database right now, possibly duplicating any traditional auditing you may have switched-on yourself. By default the database is in “Mixed mode”, meaning you can use the old style of audit and unified auditing too. You need to re-link the oracle binary with the database down to enable exclusively-Unified auditing

cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk uniaud_on ioracle

(on windows, you need to move the correct DLL into place.)

So what is enabled by default?

1  select * from audit_unified_enabled_policies;

USER_NAME       POLICY_NAME            ENABLED ENABLED_OPTION  ENTITY_NAME     ENTITY_ SUC FAI
--------------- ---------------------- ------- --------------- --------------- ------- --- ---
ALL USERS       ORA_SECURECONFIG       BY      BY USER         ALL USERS       USER    YES YES
ALL USERS       ORA_LOGON_FAILURES     BY      BY USER         ALL USERS       USER    NO  YES

What does that mean?

  1  select POLICY_NAME,AUDIT_OPTION,AUDIT_OPTION_TYPE,OBJECT_SCHEMA,OBJECT_NAME,OBJECT_TYPE
  2    from audit_unified_policies
  3   where policy_name in ('ORA_SECURECONFIG','ORA_LOGON_FAILURES')
  4*  order by 1,2,3,4,5;

POLICY_NAME          AUDIT_OPTION                             AUDIT_OPTION_TYPE  OBJECT_SCHEMA             OBJECT_NAME               OBJECT_TYPE
-------------------- ---------------------------------------- ------------------ ------------------------- ------------------------- --------------------
ORA_LOGON_FAILURES   LOGON                                    STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     ADMINISTER KEY MANAGEMENT                SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER ANY PROCEDURE                      SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER ANY SQL TRANSLATION PROFILE        SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER ANY TABLE                          SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER DATABASE                           SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER DATABASE LINK                      STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER PLUGGABLE DATABASE                 STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER PROFILE                            STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER ROLE                               STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER SYSTEM                             SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     ALTER USER                               STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     AUDIT SYSTEM                             SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     BECOME USER                              SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE ANY JOB                           SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE ANY LIBRARY                       SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE ANY PROCEDURE                     SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE ANY SQL TRANSLATION PROFILE       SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE ANY TABLE                         SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE DATABASE LINK                     STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE DIRECTORY                         STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE EXTERNAL JOB                      SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE PLUGGABLE DATABASE                STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE PROFILE                           STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE PUBLIC SYNONYM                    SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE ROLE                              STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE SQL TRANSLATION PROFILE           SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     CREATE USER                              SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP ANY PROCEDURE                       SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP ANY SQL TRANSLATION PROFILE         SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP ANY TABLE                           SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP DATABASE LINK                       STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP DIRECTORY                           STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP PLUGGABLE DATABASE                  STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP PROFILE                             STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP PUBLIC SYNONYM                      SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP ROLE                                STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     DROP USER                                SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     EXECUTE                                  OBJECT ACTION      REMOTE_SCHEDULER_AGENT    ADD_AGENT_CERTIFICATE     PROCEDURE
ORA_SECURECONFIG     EXECUTE                                  OBJECT ACTION      SYS                       DBMS_RLS                  PACKAGE
ORA_SECURECONFIG     EXEMPT ACCESS POLICY                     SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     EXEMPT REDACTION POLICY                  SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     GRANT ANY OBJECT PRIVILEGE               SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     GRANT ANY PRIVILEGE                      SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     GRANT ANY ROLE                           SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     LOGMINING                                SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     PURGE DBA_RECYCLEBIN                     SYSTEM PRIVILEGE   NONE                      NONE                      NONE
ORA_SECURECONFIG     SET ROLE                                 STANDARD ACTION    NONE                      NONE                      NONE
ORA_SECURECONFIG     TRANSLATE ANY SQL                        SYSTEM PRIVILEGE   NONE                      NONE                      NONE

49 rows selected.

So that’s quite a lot of auditing on by default.

If you want to disable unified auditing policies, you need to use:

noaudit policy 
e.g. noaudit policy ora_secureconfig

So what’s the problem with Unified Auditing in 12.1?

Performance. It’s dreadful, and simply unusable.  Hwo about this simple select asking how much audit in the last 30 minutes from the UNIFIED_AUDIT_TRAIL view?

select count(*) from unified_audit_trail where EVENT_TIMESTAMP > systimestamp - interval '30' minutes;

It effectively blocked itself in a RAC environment, with one parallel query slave blocked by another – really not sure what was going on there but it never completed (well, I killed it after half a day).

I have seen a similar query in a non-RAC environment (or against table v$unified_audit_trail – which you really shouldn’t use as it can give an incomplete picture) run for well over an hour with a remarkably small data set. Not useful if you are trying to scrape content into an external monitor regularly…

MOS Article 2212196.1 explains how to resolve this in 12.1, by transferring all of the data to a table.

In 12.2, this is resolved by all data being stored in a table call AUDSYS.AUD$UNIFIED.
The table uses interval-based partitioning and is partitioned with a monthly interval:

...
PARTITION BY RANGE ("EVENT_TIMESTAMP") INTERVAL (INTERVAL '1' MONTH)
 (PARTITION "AUD_UNIFIED_P0"  VALUES LESS THAN (TIMESTAMP' 2014-07-01 00:00:00')
...

Because it is a table, we can index it.It works like a table. It’s quick.

In my next audit article, I’ll look to explain how unified auditing works in a bit more depth, now that the performance no longer renders it unusable to queries.

%d bloggers like this: