Improve the performance of IPD LOGON/LOGOFF processes when Unified Auditing is enabled for Oracle in Confluence

XMLWordPrintable

    • 1

      We see high LOGON/LOGOFF when Unified Auditing is enabled for Oracle in Confluence.

      When compared to Jira/Oracle - Jira appears to have a much lower LOGON/LOGOFF. As much we understand - there are no performance issues, just that some customers can incur costs based on the number of LOGON/LOGOFF events.

      Below are the steps to replicate using a Docker Oracle 19c container on local Mac machine and enable Unified Auditing.

      How to Replicate
      1. Spin up Confluence and integrate to Oracle
      2. To track the LOGON/LOGOFF, follow the steps here to enable Oracle Unified Auditing:
        1. Create Docker Oracle 19c container (on local Mac ARM)
          • For Linux, you can try:
            You may need an Oracle account
            docker pull oracle/database:19.3.0-ee
        2. Deploy Docker Oracle 19c
          Run on host
          docker run -id -p 1521:1521 -e ORACLE_PASSWORD=oracle -e ORACLE_PWD=oracle oracle/database:19.3.0-ee
        3. Enable Unified Auditing in Oracle 19c
          Run inside Docker container
          bash-4.4$ sqlplus / as sysdba

          SQL> shutdown immediate

          SQL> quit
          Run inside Docker container
          bash-4.4$ lsnrctl stop
bash-4.4$ cd $ORACLE_HOME/rdbms/lib
bash-4.4$ make -f ins_rdbms.mk uniaud_on ioracle
bash-4.4$ sqlplus / as sysdba

          SQL> startup

          SQL> quit
          Run inside Docker container
          bash-4.4$ lsnrctl start

        Connect to Oracle 19c and check if Unified Auditing is now enabled:

        bash-4.4$ sqlplus / as sysdba

        SQL> select PARAMETER, VALUE from v$option where PARAMETER = 'Unified Auditing';

        PARAMETER
----------------------------------------------------------------
VALUE
----------------------------------------------------------------
Unified Auditing
TRUE

        Now also run:

        SQL> CREATE AUDIT POLICY ORA_ADS$_LOGON_EVENTS ACTIONS LOGON,LOGOFF;
        Response
        Audit policy created.

        SQL> AUDIT POLICY ORA_ADS$_LOGON_EVENTS ;
        Response
        Audit succeeded.

        If the Oracle Docker container is restarted, then the above must be re-done after the restart to re-enable Oracle Unified Auditing.

        Now, deploy Confluence 8.5.16 / ojdbc8-v19.3.jar with Oracle 19c and just monitor.

      Spin up Confluence 8.5.16/ojdbc8-v19.3.jar and Jira 9.12.14/ojdbc8-v19.3.jar and monitor.

      As we can see with this graph, Confluence LOGON/LOGOFF climbs at a much higher rate than Jira's LOGON/LOGOFF. The above graph was only for ~ 6 hours of "idle" application up time.

      Oracle SQL query to monitor the frequency of LOGON/LOGOFF events:

      select EVENT_TIMESTAMP, CLIENT_PROGRAM_NAME, DBUSERNAME, CURRENT_USER, SYSTEM_PRIVILEGE_USED, ACTION_NAME FROM UNIFIED_AUDIT_TRAIL order by EVENT_TIMESTAMP asc

        1. graph1.png
          graph1.png
          383 kB

            Assignee:
            Unassigned
            Reporter:
            Shekhar Gupta
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: