Oracle 10g auditing
Related parameters:
AUDIT_FILE_DEST: the directory where the system stores audit logs
AUDIT_SYS_OPERATIONS: whether to audit the sys and system users
AUDIT_TRAIL:
AUDIT_TRAIL = { db | os | none | true | false | db_extended }
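where
None: the default value; no auditing is performed;
DB: records the audit trail in the database's audit tables, such as aud$; the audit result contains only connection information;
DB,Extended: in addition to the connection information, the audit result also contains the actual statement that was executed;
OS: records the audit trail in operating system files; the file name is specified by the audit_file_dest parameter;
Audit options:
by access / by session:
by access: every audited operation generates one audit trail record.
by session: operations of the same type within one session generate only one audit trail record; by session is the default.
whenever [not] successful:
whenever successful: audit only when the operation succeeds (the returncode field in dba_audit_trail is 0);
whenever not successful: the opposite. If the clause is omitted, the operation is audited whether or not it succeeds.
Main related view: dba_audit_trail
Test: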
SQL> show parameters AUDIT_SYS_OPERATIONS;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_sys_operations boolean FALSE
SQL> show parameters AUDIT_TRAIL;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string NONE
SQL> alter system set AUDIT_TRAIL=db scope=spfile;
System altered
SQL> show parameters AUDIT_TRAIL;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string NONE
Then restart the database so that the parameter takes effect.
SQL> audit select,insert,update,delete on scott.emp;
Audit succeeded
SQL> conn scott/tiger
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as scott
SQL> select * from emp where rownum=1;
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
----- ---------- --------- ----- ----------- --------- --------- ------
7369 SMITH CLERK 7902 1980-12-17 800.00 20
SQL> select OS_USERNAME,username,USERHOST,TERMINAL,TIMESTAMP,
2 OWNER,obj_name,ACTION_NAME,sessionid,os_process,sql_text from dba_audit_trail;
OS_USERNAME USERNAME USERHOST TERMINAL TIMESTAMP OWNER OBJ_NAME ACTION_NAME SESSIONID OS_PROCESS SQL_TEXT
-------------------------------------------------------------------------------- ------------------------------ -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- ----------- ------------------------------ -------------------------------------------------------------------------------- ---------------------------- ---------- ---------------- --------------------------------------------------------------------------------
ICBCOA-6170D1DD\Administrator SCOTT MSHOME\ICBCOA-6170D1DD ICBCOA-6170D1DD 2009-12-19 SCOTT EMP SESSION REC 145 2908:2116
ICBCOA-6170D1DD\Administrator SCOTT MSHOME\ICBCOA-6170D1DD ICBCOA-6170D1DD 2009-12-19 SCOTT EMP SESSION REC 148 2908:520
SQL>
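The test above uses only the default options. The following added example (not part of the original post) applies the by access and whenever not successful options described earlier and reviews failed operations through returncode. scott.dept is an assumed second table from the SCOTT sample schema, and dba_obj_audit_opts is the data dictionary view that lists object audit settings.

```sql
-- Added example, not from the original post. Run as a DBA once AUDIT_TRAIL
-- is db or db_extended and the instance has been restarted.

-- BY ACCESS: one audit record per audited statement on scott.emp,
-- instead of one "SESSION REC" row per session and operation type.
AUDIT SELECT, INSERT, UPDATE, DELETE ON scott.emp BY ACCESS;

-- WHENEVER NOT SUCCESSFUL: record only failed attempts.
-- scott.dept is an assumed second table (SCOTT sample schema).
AUDIT SELECT ON scott.dept BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Confirm which object audit options are in force. Each column shows
-- <when successful>/<when not successful>: A = by access,
-- S = by session, - = not audited.
SELECT owner, object_name, sel, ins, upd, del
FROM   dba_obj_audit_opts
WHERE  owner = 'SCOTT'
AND    object_name IN ('EMP', 'DEPT');

-- Review failed operations: returncode is 0 on success and the Oracle
-- error number otherwise. sql_text is filled only under db_extended.
SELECT username,
       userhost,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS audit_time,
       owner,
       obj_name,
       action_name,
       returncode,
       sql_text
FROM   dba_audit_trail
WHERE  owner = 'SCOTT'
AND    returncode <> 0
ORDER  BY timestamp;

-- Per-user count of failures, to spot repeated denied access.
SELECT username, obj_name, returncode, COUNT(*) AS failures
FROM   dba_audit_trail
WHERE  returncode <> 0
GROUP  BY username, obj_name, returncode
ORDER  BY failures DESC;

-- Remove the audit options when the test is finished.
NOAUDIT SELECT, INSERT, UPDATE, DELETE ON scott.emp;
NOAUDIT SELECT ON scott.dept;
```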
From "ITPUB Blog", link: http://blog.itpub.net/16179598/viewspace-623088/. If you repost, please credit the source; otherwise legal liability will be pursued.