Audit-related parameters in Oracle 10g
sys@EBANK>show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /home/db/oracle/product/10.2.0
/rdbms/audit
audit_sys_operations boolean FALSE
audit_syslog_level string USER
audit_trail string NONE
Of these, audit_syslog_level writes audit records to the operating system's system log, for example /var/log/messages on Linux. By default this parameter is none. When it is set to user.notice, SYSDBA logins and database shutdown and startup operations are still recorded in the operating system log, even if audit_sys_operations is set to false and audit_trail is set to none:
[root@single log]# tail -f messages
Dec 10 15:16:59 single Oracle Audit[631]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 15:18:13 single Oracle Audit[694]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 15:19:28 single Oracle Audit[702]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:21:54 single Oracle Audit[702]: ACTION : 'SHUTDOWN' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:22:05 single Oracle Audit[894]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:22:09 single Oracle Audit[895]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
When audit_sys_operations is set to true, every action of the sys user is recorded in the system log:
sys@EBANK>show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /home/db/oracle/product/10.2.0
/rdbms/audit
audit_sys_operations boolean TRUE
audit_syslog_level string USER
audit_trail string NONE
Dec 10 16:23:46 single Oracle Audit[940]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:23:46 single Oracle Audit[940]: ACTION : 'SELECT DECODE(null,'','Total System Global Area','') NAME_COL_PLUS_SHOW_SGA, SUM(VALUE), DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA UNION ALL SELECT NAME NAME_COL_PLUS_SHOW_SGA , VALUE, DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:23:50 single Oracle Audit[940]: ACTION : 'ALTER DATABASE MOUNT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:23:50 single Oracle Audit[941]: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:23:54 single Oracle Audit[941]: ACTION : 'ALTER DATABASE OPEN' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:24:05 single Oracle Audit[941]: ACTION : 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number', 6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER('-0x1.d5b240000011ap-1udit%') ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:25:04 single Oracle Audit[941]: ACTION : 'select count(*) from test' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
Dec 10 16:25:05 single Oracle Audit[941]: ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;' DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0
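A parser for the syslog audit records shown above, added here as an example (it is not code from the original post). It copes with ACTION values that contain their own single quotes and surfaces SYSDBA logons and sensitive statements; the names parse, classify and review, the SENSITIVE prefix list and the treatment of a non-zero STATUS as a failure are assumptions.

```python
import re

# Record layout taken from the syslog lines above. ACTION can itself contain
# single quotes, so match greedily up to the last "' DATABASE USER:".
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) Oracle Audit\[(?P<pid>\d+)\]: "
    r"ACTION : '(?P<action>.*)' DATABASE USER: '(?P<dbuser>[^']*)' "
    r"PRIVILEGE : (?P<priv>\S+) CLIENT USER: (?P<osuser>\S+) "
    r"CLIENT TERMINAL: (?P<tty>\S*) STATUS: (?P<status>-?\d+)\s*$"
)

# Assumption: statement prefixes a reviewer wants surfaced; tune per site.
SENSITIVE = ("SHUTDOWN", "STARTUP", "ALTER DATABASE", "ALTER SYSTEM",
             "ALTER USER", "GRANT", "NOAUDIT", "DROP")

def parse(line):
    """Return the record fields as a dict, or None if the line is not one."""
    m = RECORD.match(line)
    return m.groupdict() if m else None

def classify(rec):
    action = rec["action"].strip().upper()
    if action == "CONNECT":
        return "privileged_logon"
    if action.startswith(SENSITIVE):
        return "sensitive_statement"
    return "statement"

def review(lines):
    """Return (findings, unparsed): notable records, and audit lines the regex missed."""
    findings, unparsed = [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            if "Oracle Audit[" in line:   # never drop an audit line silently
                unparsed.append(line)
            continue
        kind = classify(rec)
        # Assumption: a non-zero STATUS marks a failed operation.
        if kind != "statement" or rec["status"] != "0":
            findings.append((rec["ts"], rec["osuser"], rec["priv"], kind, rec["action"][:40]))
    return findings, unparsed

TAIL = " DATABASE USER: '/' PRIVILEGE : SYSDBA CLIENT USER: ora10g CLIENT TERMINAL: pts/1 STATUS: 0"
SAMPLE = [  # first three records appear on this page; the last two are constructed
    "Dec 10 16:21:54 single Oracle Audit[702]: ACTION : 'SHUTDOWN'" + TAIL,
    "Dec 10 16:22:05 single Oracle Audit[894]: ACTION : 'CONNECT'" + TAIL,
    "Dec 10 16:25:04 single Oracle Audit[941]: ACTION : 'select count(*) from test'" + TAIL,
    "Dec 10 16:26:00 single Oracle Audit[941]: ACTION : 'SELECT DECODE(null,'','bytes','') FROM V$SGA'" + TAIL,
    "Dec 10 16:26:10 single sshd[1200]: session opened for user ora10g",
]
```

Because these records sit in a file the database host's root user can edit, forwarding the chosen syslog facility to a remote collector is what makes the review meaningful.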
The official documentation explains this parameter as follows:
AUDIT_SYSLOG_LEVEL enables OS audit logs to be written to the system via the SYSLOG utility if the AUDIT_TRAIL parameter is set to os.
The value of facility can be any of the following: USER, LOCAL0-LOCAL7, SYSLOG, DAEMON, KERN, MAIL, AUTH, LPR, NEWS, UUCP or CRON.
The value of level can be any of the following: NOTICE, INFO, DEBUG, WARNING, ERR, CRIT, ALERT, EMERG .
From the "ITPUB blog", link: http://blog.itpub.net/10972173/viewspace-683456/. If you repost this, please credit the source; otherwise legal liability will be pursued.