The size of the audit queue can be set by a System Security Officer. The default configuration is as follows:
A single audit record requires a minimum of 32 bytes, up to a maximum of 424 bytes.
This means that a single data page stores between 4 and 80 records.
The default size of the audit queue is 100 records, requiring approximately 42K.
The minimum size of the queue is 1 record; the maximum size is 65,335 records.
There are trade-offs in sizing the audit queue, as shown in Figure 10-5.
If the audit queue is large, so that you do not risk having user processes sleep, you run the risk of losing any audit records in memory if there is a system failure. The maximum number of records that can be lost is the maximum number of records that can be stored in the audit queue.
If security is your chief concern, keep the queue small. If you can risk the loss of more audit records, and you require high performance, make the queue larger.
Increasing the size of the in-memory audit queue takes memory from the total memory allocated to the data cache.
Figure 10-5: Trade-offs in auditing and performance
