当前位置:数据库 > Oracle >>

oracle数据库审计功能

oracle数据库审计功能
 
audit_trail:参数设置启动或是关闭数据库的审计功能:
有none,
os
db
db,extended
xml
xml,extended
note:
当参数为db,extended或是xml,extended的时候会在aud$表中额外记录sql bind 和sql text clob-type的字段。
If the database was started in read-only mode with AUDIT_TRAIL set to db, extended, then Oracle Database internally sets AUDIT_TRAIL to os. Check the alert log for details.
然后看一下数据库日志:
alter database open read only
AUDIT_TRAIL initialization parameter is changed to OS, as DB is NOT compatible for database opened with read-only access
SMON: enabling cache recovery
Database Characterset is WE8MSWIN1252
Opening with Resource Manager plan: DEFAULT_MAINTENANCE_PLAN

 

可以看到当数据库audit_tail参数设置为db,但是我依然使用open read only打开的话,那么会自动转到os,当正常启动后,那么会自动转到db状态。
可以查看audit_file_dest参数,进行查看os文件所在位置:
eg:
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string OS
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 405020672 bytes
Fixed Size 2213816 bytes
Variable Size 251660360 bytes
Database Buffers 146800640 bytes
Redo Buffers 4345856 bytes
Database mounted.
Database opened.
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL>

 

这里,我突然想起了一个老外(Nagaraj S)的问题,那就是如果审计内容非常大的话,那么system表空间会存在 空间不足情况,怎么自动删除。随后,很多国外的专家分别给出了自己的建议(如,Patterson,Joel,Steve Gardiner,Iggy Fernandez,Christopher等等)看如下邮件信息:
Hello Gurus,
I have a task to purge aud$ table and it need to done in automated way
on every month. Please help on sharing the purge script to schedule in db
scheduler
 
-Naga
好了,然后我们看看老外有什么好的办法。首先看看Ulfet的方法:
1)Archive and purge aud$ table
>创建新的表空间,创建新的归档表 ,创建过程,创建调度计划或是crontab,执行检查结果。
我实验结果如下:
eg:
[root@oracle-one ~]# su - oracle
[oracle@oracle-one ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Fri Aug 16 02:43:02 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 405020672 bytes
Fixed Size 2213816 bytes
Variable Size 251660360 bytes
Database Buffers 146800640 bytes
Redo Buffers 4345856 bytes
Database mounted.
Database opened.
SQL> select sysdate from dual;
SYSDATE
---------
16-AUG-13
SQL> col name for a60
SQL> select file#,name from v$datafile;
FILE# NAME
---------- ------------------------------------------------------------
1 /opt/app/oracle/RHYS/system01.dbf
2 /opt/app/oracle/RHYS/sysaux01.dbf
3 /opt/app/oracle/RHYS/undotbs01.dbf
4 /opt/app/oracle/RHYS/users01.dbf
5 /opt/app/oracle/RHYS/test.dbf
SQL> create tablespace arch_tbs datafile '/opt/app/oracle/RHYS/arch_tbs01.dbf' size 500M;
Tablespace created.
SQL> set pagesize 2000 
SQL> select to_char(dbms_metadata.get_ddl('TABLE','AUD$')) FROM DUAL;
TO_CHAR(DBMS_METADATA.GET_DDL('TABLE','AUD$'))
--------------------------------------------------------------------------------
CREATE TABLE "SYS"."AUD$"
( "SESSIONID" NUMBER NOT NULL ENABLE,
"ENTRYID" NUMBER NOT NULL ENABLE,
"STATEMENT" NUMBER NOT NULL ENABLE,
"TIMESTAMP#" DATE,
"USERID" VARCHAR2(30),
"USERHOST" VARCHAR2(128),
"TERMINAL" VARCHAR2(255),
"ACTION#" NUMBER NOT NULL ENABLE,
"RETURNCODE" NUMBER NOT NULL ENABLE,
"OBJ$CREATOR" VARCHAR2(30),
"OBJ$NAME" VARCHAR2(128),
"AUTH$PRIVILEGES" VARCHAR2(16),
"AUTH$GRANTEE" VARCHAR2(30),
"NEW$OWNER" VARCHAR2(30),
"NEW$NAME" VARCHAR2(128),
"SES$ACTIONS" VARCHAR2(19),
"SES$TID" NUMBER,
"LOGOFF$LREAD" NUMBER,
"LOGOFF$PREAD" NUMBER,
"LOGOFF$LWRITE" NUMBER,
"LOGOFF$DEAD" NUMBER,
"LOGOFF$TIME" DATE,
"COMMENT$TEXT" VARCHAR2(4000),
"CLIENTID" VARCHAR2(64),
"SPARE1" VARCHAR2(255),
"SPARE2" NUMBER,
"OBJ$LABEL" RAW(255),
"SES$LABEL" RAW(255),
"PRIV$USED" NUMBER,
"SESSIONCPU" NUMBER,
"NTIMESTAMP#" TIMESTAMP (6),
"PROXY$SID" NUMBER,
"USER$GUID" VARCHAR2(32),
"INSTANCE#" NUMBER,
"PROCESS#" VARCHAR2(16),
"XID" RAW(8),
"AUDITID" VARCHAR2(64),
"SCN" NUMBER,
"DBID" NUMBER,
"SQLBIND" CLOB,
"SQLTEXT" CLOB,
"OBJ$EDITION" VARCHAR2(30)
) PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "SYSTEM"
LOB ("SQLBIND") STORE AS BASICFILE (
TABLESPACE "SYSTEM" ENABLE STORAGE IN ROW CHUNK 8192 RETENTION
NOCACHE LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT))
LOB ("SQLTEXT") STORE AS BASICFILE (
TABLESPACE "SYSTEM" ENABLE STORAGE IN ROW CHUNK 8192 RETENTION
NOCACHE LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT))

SQL> 
SQL> CREATE TABLE sys.AUD$_ARCH
2 ( SESSIONID NUMBER NOT NULL ENABLE,
3 ENTRYID NUMBER NOT NULL ENABLE,
4 STATEMENT NUMBER NOT NULL ENABLE,
5 TIMESTAMP# DATE,
6 USERID VARCHAR2(30),
7 USERHOST VARCHAR2(128),
8 TERMINAL VARCHAR2(255),
9 ACTION# NUMBER NOT NULL ENABLE,
10 RETURNCODE NUMBER NOT NULL ENABLE,
11 OBJ$CREATOR VARCHAR2(30),
12 OBJ$NAME VARCHAR2(128),
13 AUTH$PRIVILEGES VARCHAR2(16),
14 AUTH$GRANTEE VARCHAR2(30),
15 NEW$OWNER VARCHAR2(30),
16 NEW$NAME VARCHAR2(128),
SES$ACTIONS VARCHAR2(19),
17 18 SES$TID NUMBER,
19 LOGOFF$LREAD NUMBER,
20 LOGOFF$PREAD NUMBER,
21 LOGOFF$LWRITE NUMBER,
22 LOGOFF$DEAD NUMBER,
23 LOGOFF$TIME DATE,
24 COMMENT$TEXT VARCHAR2(4000),
25 CLIENTID VARCHAR2(64),
26 SPARE1 VARCHAR2(255),
27 SPARE2 NUMBER,
28 OBJ$LABEL RAW(255),
29 SES$LABEL RAW(255),
30 PRIV$USED NUMBER,
31 SESSIONCPU NUMBER,
32 NTIMESTAMP# TIMESTAMP (6),
33 PROXY$SID NUMBER,
34 USER$GUID VARCHAR2(32),
35 INSTANCE# NUMBER,
36 PROCESS# VARCHAR2(16),
37 XID RAW(8),
38 AUDITID VARCHAR2(64),
39 SCN NUMBER,
40 DBID NUMBER,
41 SQLBIND CLOB,
42 SQLTEXT CLOB,
43 OBJ$EDITION VARCHAR2(30)
44 ) 
45 tablespace arch_tbs
46 nologging;
Table created.

 

 

上一个:[Oracle] 探讨分区之一 -分区剪枝
下一个:USING Auotomatic Shared Memory Management

更多图片编程知识:
更多Oracle疑问解答:
运行exp备份oracle数据库提示oracle-12154错误
有没有,生产Oracle Rman 备份脚本的工具啊!
初学orcle,希望有大大帮忙解说一下详细步骤,从登录oracle到创建表的过程
oracle语句问题:一张user表,三个字段,id,name,time,插入记录比如:张三2007,李四2008,张三2011
如何写一个ORACLE触发器同步两个表中的数据?
oracle 如何查看一个服务器上有多少个数据库.
oracle 创建包的时候错误 求解
oracle 重复列的问题
oracle 中如何查处2星期前的数据
请教oracle数据库安装中的问题
请问谁能提供给我标准的oracle ERP的数据库表结构并详细说明各表主要的作用?
安装oracle遇到的问题 invalid entry CRC (expected 0x3e12e795 but got 0x9db0e9fd)
我的是ORACLE 10G,在RMAN中如何按指定的时间恢复数据文件啊?
oracle为什么没有自动增长列
oracle快捷键都有哪些啊?
Oracle
MySQL
Access
SQLServer
DB2
Excel
SQLite
SYBASE
Postgres
如果你遇到数据库难题:
请访问www.zzzyk.com 试试
CopyRight © 2012 站长网 编程知识问答 www.zzzyk.com All Rights Reserved
部份技术文章来自网络,