Running an audit from the command line with ojAudit
By John 'JB' Brock on Aug 31, 2011
NOTE (UPDATE 9/30/2011): This post currently does not work with 11gR2 (188.8.131.52.0) because of a bug. The bug has been fixed in 11gR2 Update 1 (184.108.40.206.0). Please make sure you are running the latest release of R2.
There is often a need to run an audit profile against a specific application, project, or even a file, and do it all from a script that may be part of a larger task.
JDeveloper provides a tool just for this task. It's called ojAudit.
By default, you'll find this tool in the <oracle_home>/jdeveloper/jdev/bin directory.
If you run the tool without any arguments, you will get a really good usage guide, complete with examples.
The one thing that is needed by all of the examples, is a profile. Let's look at how to create an audit profile so you can use it from the command line.
If you run JDeveloper and look under Tools >> Preferences >> Audit >> Profiles you will see a list of the profiles defined by default.
If you want to create your own profile, that is a subset of the existing rules, you can check and uncheck the various rules until you only have the ones that you want to run in your profile. You will notice that the Profile name at the top of the dialog says that the currently selected profile has been (Modified).
Click on the Save As button and enter a new name for your profile. You now have your own audit profile created and it can be used from the command line. You don't need to know the location of the actual profile file, but by default, these audit profile files are saved at:
In the example above, you see that I am using version 220.127.116.11.37.60.13 of JDev. In other words, 11gR1 PS4. Your systemXXXX will vary depending on what version of JDev you have installed. The rest of the path should be the same.
If you still can't locate the file, do a search on the name. If you entered spaces in the profile name when you did the Save As in the dialog, the spaces will be replaced with " - ". In the example that I used above, I named my profile to "My Audit Profile". The resulting file is "my-audit-profile.xml".
Once you have your profile created, you can use it from the command line like this:
ojaudit -profile 'My Audit Profile' -workspace <path-to-workspace(jws)-file>
If you forget exactly how you spelled your profile name, or just can't remember it because you created it a while ago, you can run:
and it will list all of the available profiles that can be used.
You can audit an entire workspace, a project, or a specific file. If you point to a specific file, you will need to set -classpath and -sourcepath for the files that you want to audit.
The report will output to stdout by default, so unless you are ok reading a bunch of xml from the command window, I would also add: -output report.xml
The final syntax would look something like:
ojaudit -profile 'My Audit Profile' -workspace <path-to-workspace(jws)-file> -output report.xml