oracle10g_audit_solaris_利用audit_sys_operations

Normal 0 7.8 磅 0 2 false false false MicrosoftInternetExplorer4 1, 术语简解

  AUDIT_SYS_OPERATIONS

Property	Description
Parameter type	Boolean
Default value	false
Modifiable	No
Range of values	true | false
Basic	No

 

AUDIT_SYS_OPERATIONS enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges. The audit records are written to the operating system's audit trail. The audit records will be written in XML format if the AUDIT_TRAIL initialization parameter is set to XML.

此参数为静态参数，修改后要重启数据库实例

 

AUDIT_TRAIL

Property	Description
Parameter type	String
Syntax	AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }
Default value	none
Modifiable	No
Basic	No

 

AUDIT_TRAIL enables or disables database auditing.

Values:

• none

Disables database auditing.

• os

Enables database auditing and directs all audit records to the operating system's audit trail.

• db

Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table).

• db,extended

Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table). In addition, populates the SQLBIND and SQLTEXT CLOB columns of the SYS.AUD$ table.

• xml

Enables database auditing and writes all audit records to XML format OS files.

• xml,extended

Enables database auditing and prints all columns of the audit trail, including SqlText and SqlBind values.

 

2,配置操作步骤

SQL> alter system set audit_sys_operations=true scope=spfile;

 

System altered.

SQL>shutdown immediate

 

SQL>startup

 

SQL> show parameter audit

 

NAME                                 TYPE        VALUE

------------------------------------ ----------- ------------------------------

audit_file_dest                      string      /oracle/admin/ora10g/adump  --注：所有申计记录文件存储在这个目录下

audit_sys_operations                 boolean     TRUE

audit_syslog_level                   string

audit_trail                          string      DB_EXTENDED  ---这个参数就是控制是否生成申计文件，且以何种格式生成申计文件,

SQL>

 

 

3,测试特权用户的操作

 

SQL> show user

USER is "SYS"

SQL> create table lv(a int);

 

Table created.

 

SQL>

bash-3.00$ ls -lrt|tail -3f

-rw-r-----   1 ora10g   oinstall    1157  9月  8 06:14 ora_21747.aud

-rw-r-----   1 ora10g   oinstall     737  9月  8 06:15 ora_21748.aud

-rw-r-----   1 ora10g   oinstall    1505  9月  8 06:25 ora_21767.aud

bash-3.00$ tail -f ora_21767.aud

STATUS: 0

 

Tue Sep  8 06:25:19 2009

ACTION : 'create table lv(a int)'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

SQL> show user

USER is "SYS"

SQL> insert table lv values(1);

 

1 row created.

SQL>

 

Tue Sep  8 06:27:43 2009

ACTION : 'insert into lv values(1)'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:27:45 2009

ACTION : 'commit'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

 

 

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL>

 

bash-3.00$ tail -f ora_21767.aud

STATUS: 0

 

Tue Sep  8 06:27:45 2009

ACTION : 'commit'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'ALTER DATABASE CLOSE NORMAL'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'ALTER DATABASE DISMOUNT'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'SHUTDOWN'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

SQL> startup nomount

ORACLE instance started.

 

Total System Global Area  314572800 bytes

Fixed Size                  1279964 bytes

Variable Size              79693860 bytes

Database Buffers          230686720 bytes

Redo Buffers                2912256 bytes

SQL> alter database mount;

 

Database altered.

 

SQL> alter database open;

 

Database altered.

 

SQL>

 

bash-3.00$ ls -lrt|tail -3f

-rw-r-----   1 ora10g   oinstall    2243  9月  8 06:30 ora_21767.aud

-rw-r-----   1 ora10g   oinstall    1175  9月  8 06:32 ora_22161.aud

-rw-r-----   1 ora10g   oinstall    1008  9月  8 06:32 ora_22188.aud

bash-3.00$ tail -f ora_22188.aud

STATUS: 0

 

Tue Sep  8 06:32:05 2009

ACTION : 'SELECT DECODE(null,'','Total System Global Area','') NAME_COL_PLUS_SHOW_SGA,   SUM(VALUE), DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA    UNION ALL    SELECT NAME NAME_COL_PLUS_SHOW_SGA , VALUE,    DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:32:52 2009

ACTION : 'alter database mount'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:33:23 2009

ACTION : 'alter database open'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

 

4,适用范围

适用于控制sysdba角色及sysoper角色及dba色色的用户所作的各种操作

 

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/9240380/viewspace-614133/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/9240380/viewspace-614133/