oracle10g_audit_solaris_利用audit_sys_operations

wisdomone1發表於2009-09-07
Oracle
Normal 0 7.8 磅 0 2 false false false MicrosoftInternetExplorer4 1,術語簡解

  AUDIT_SYS_OPERATIONS

Property

Description

Parameter type

Boolean

Default value

false

Modifiable

No

Range of values

true | false

Basic

No

 

AUDIT_SYS_OPERATIONS enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges. The audit records are written to the operating system's audit trail. The audit records will be written in XML format if the AUDIT_TRAIL initialization parameter is set to XML.

此引數為靜態引數,修改後要重啟資料庫例項

 

AUDIT_TRAIL

Property

Description

Parameter type

String

Syntax

AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }

Default value

none

Modifiable

No

Basic

No

 

AUDIT_TRAIL enables or disables database auditing.

Values:

  • none

Disables database auditing.

  • os

Enables database auditing and directs all audit records to the operating system's audit trail.

  • db

Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table).

  • db,extended

Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table). In addition, populates the SQLBIND and SQLTEXT CLOB columns of the SYS.AUD$ table.

  • xml

Enables database auditing and writes all audit records to XML format OS files.

  • xml,extended

Enables database auditing and prints all columns of the audit trail, including SqlText and SqlBind values.

 

2,配置操作步驟

SQL> alter system set audit_sys_operations=true scope=spfile;

 

System altered.

SQL>shutdown immediate

 

SQL>startup

 

SQL> show parameter audit

 

NAME                                 TYPE        VALUE

------------------------------------ ----------- ------------------------------

audit_file_dest                      string      /oracle/admin/ora10g/adump  --注:所有申計記錄檔案儲存在這個目錄下

audit_sys_operations                 boolean     TRUE

audit_syslog_level                   string

audit_trail                          string      DB_EXTENDED  ---這個引數就是控制是否生成申計檔案,且以何種格式生成申計檔案,

SQL>

 

 

3,測試特權使用者的操作

 

SQL> show user

USER is "SYS"

SQL> create table lv(a int);

 

Table created.

 

SQL>

bash-3.00$ ls -lrt|tail -3f

-rw-r-----   1 ora10g   oinstall    1157  9  8 06:14 ora_21747.aud

-rw-r-----   1 ora10g   oinstall     737  9  8 06:15 ora_21748.aud

-rw-r-----   1 ora10g   oinstall    1505  9  8 06:25 ora_21767.aud

bash-3.00$ tail -f ora_21767.aud

STATUS: 0

 

Tue Sep  8 06:25:19 2009

ACTION : 'create table lv(a int)'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

SQL> show user

USER is "SYS"

SQL> insert table lv values(1);

 

1 row created.

SQL>

 

Tue Sep  8 06:27:43 2009

ACTION : 'insert into lv values(1)'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:27:45 2009

ACTION : 'commit'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

 

 

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL>

 

bash-3.00$ tail -f ora_21767.aud

STATUS: 0

 

Tue Sep  8 06:27:45 2009

ACTION : 'commit'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'ALTER DATABASE CLOSE NORMAL'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'ALTER DATABASE DISMOUNT'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'SHUTDOWN'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

SQL> startup nomount

ORACLE instance started.

 

Total System Global Area  314572800 bytes

Fixed Size                  1279964 bytes

Variable Size              79693860 bytes

Database Buffers          230686720 bytes

Redo Buffers                2912256 bytes

SQL> alter database mount;

 

Database altered.

 

SQL> alter database open;

 

Database altered.

 

SQL>

 

bash-3.00$ ls -lrt|tail -3f

-rw-r-----   1 ora10g   oinstall    2243  9  8 06:30 ora_21767.aud

-rw-r-----   1 ora10g   oinstall    1175  9  8 06:32 ora_22161.aud

-rw-r-----   1 ora10g   oinstall    1008  9  8 06:32 ora_22188.aud

bash-3.00$ tail -f ora_22188.aud

STATUS: 0

 

Tue Sep  8 06:32:05 2009

ACTION : 'SELECT DECODE(null,'','Total System Global Area','') NAME_COL_PLUS_SHOW_SGA,   SUM(VALUE), DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA    UNION ALL    SELECT NAME NAME_COL_PLUS_SHOW_SGA , VALUE,    DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:32:52 2009

ACTION : 'alter database mount'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:33:23 2009

ACTION : 'alter database open'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

 

4,適用範圍

適用於控制sysdba角色及sysoper角色及dba色色的使用者所作的各種操作

 

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/9240380/viewspace-614133/,如需轉載,請註明出處,否則將追究法律責任。

相關文章