大家好,我用下面的方法开启升级戏以后,发现有些已经打开了,但是没用,下面是我步骤
登录数据库
1.sqlplus /nolog
2.connect / as sysdba;
3.修改审计表,以及索引的表空间
sql>alter table aud$ move tablespace SJJAUDITTBS;
sql>alter index I_aud1 rebuild online tablespace SJJAUDITTBS;
sql>alter table audit$ move tablespace SJJAUDITTBS;
sql>alter index i_audit rebuild online tablespace SJJAUDITTBS;
sql>alter table audit_actions move tablespace SJJAUDITTBS;
sql>alter index i_audit_actions rebuild online tablespace SJJAUDITTBS;
4.开启审计
SQL> conn /as sysdba
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/ORCL/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
SQL> alter system set audit_sys_operations=TRUE scope=spfile;
SQL> alter system set audit_trail=db,extended scope=spfile;
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 524288000 bytes
Fixed Size 1220336 bytes
Variable Size 197132560 bytes
Database Buffers 318767104 bytes
Redo Buffers 7168000 bytes
Database mounted.
Database opened.
SQL> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
SQL> alter system set audit_trail=db,extended scope=spfile;
System altered.
SQL> startup force;
ORACLE instance started.
Total System Global Area 524288000 bytes
Fixed Size 1220336 bytes
Variable Size 205521168 bytes
Database Buffers 310378496 bytes
Redo Buffers 7168000 bytes
Database mounted.
Database opened.
SQL> show parameter audit;
NAME TYPE
------------------------------------ ---------------------------------
VALUE
------------------------------
audit_file_dest string
/u01/app/oracle/admin/SJJ/adum
p
audit_sys_operations boolean
TRUE
audit_syslog_level string
audit_trail string
DB, EXTENDED
SQL> AUDIT DROP ANY TABLE by access;
Audit succeeded.
SQL> commit;
Commit complete.
我用sys用户 通过 sysdba登录 执行 AUDIT DROP ANY TABLE by access; 已经用system用户登录 执行 AUDIT DROP ANY TABLE by access; 命令后,自己手工的去删除表。但是通过
SELECT OS_USERNAME,
USERNAME,
USERHOST,
TERMINAL,
TIMESTAMP,
OWNER,
obj_name,
ACTION_NAME,
sessionid,
os_process,
sql_text
FROM dba_audit_trail;
却查不到数据。
但是在某个用户 下 执行 audit all on TABLE01; 用上面的语句却能查到。
请高手指教一下。