【FGA】將FGA細粒度審計功能的審計結果記錄在XML檔案中
Oracle引以為傲的FGA細粒度審計功能為監控系統中的異常操作提供了非常便捷的手段。本文給出使用FGA功能將審計資訊記錄到XML檔案的方法。審計資訊記錄到資料庫中的方法參考文章: 《【FGA】將FGA細粒度審計功能的審計結果記錄在資料庫中》(http://space.itpub.net/519536/viewspace-697205)。
1.初始化環境
1)清理環境
sys@ora10g> conn / as sysdba
Connected.
sys@ora10g> exec DBMS_FGA.DROP_POLICY ( object_schema => 'SEC', object_name => 'T', policy_name => 'audit_t');
PL/SQL procedure successfully completed.
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> drop table t purge;
Table dropped.
2)建立待審計表T
sys@ora10g> create table t (x number(10), y varchar2(10));
Table created.
2.建立FGA審計策略
1)audit_trail引數設定說明
①audit_trail引數設定為“DBMS_FGA.DB”:審計資訊記錄到資料庫的SYS.FGA_LOG$中,但不包含SQL語句和SQL的繫結變數資訊;
②audit_trail引數設定為“DBMS_FGA.DB + DBMS_FGA.EXTENDED”(預設值):審計資訊記錄到資料庫的SYS.FGA_LOG$中,同時包含SQL語句和SQL的繫結變數資訊;
③audit_trail引數設定為“DBMS_FGA.XML”:審計資訊記錄到AUDIT_FILE_DEST引數對應的作業系統目錄下,為XML格式,但不包含SQL語句和SQL的繫結變數資訊;
④audit_trail引數設定為“DBMS_FGA.XML + DBMS_FGA.EXTENDED”:審計資訊記錄到AUDIT_FILE_DEST引數對應的作業系統目錄下,為XML格式,同時包含SQL語句和SQL的繫結變數資訊;
這裡重點介紹審計記錄到資料庫中的方法。
2)審計結果記錄到XML檔案的建立方法
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> begin
2 DBMS_FGA.ADD_POLICY (
3 object_schema => 'SEC',
4 object_name => 'T',
5 policy_name => 'audit_t',
6 audit_condition => 'X < 100',
7 audit_column => 'X',
8 enable => TRUE,
9 statement_types => 'SELECT, INSERT, UPDATE, DELETE',
10 audit_trail => DBMS_FGA.XML + DBMS_FGA.EXTENDED,
11 audit_column_opts => DBMS_FGA.ANY_COLUMNS
12 );
13 end;
14 /
PL/SQL procedure successfully completed.
3.查詢確認FGA審計策略
透過DBA_AUDIT_POLICIES檢視可以檢視資料庫中的審計規則。
sys@ora10g> col OBJECT_SCHEMA for a3
sys@ora10g> col OBJECT_NAME for a2
sys@ora10g> col POLICY_NAME for a7
sys@ora10g> col POLICY_TEXT for a10
sys@ora10g> col POLICY_COLUMN for a2
sys@ora10g> col PF_SCHEMA for a2
sys@ora10g> col PF_PACKAGE for a2
sys@ora10g> col PF_FUNCTION for a2
sys@ora10g> select * from dba_audit_policies;
OBJ OB POLICY_ POLICY_TEX PO PF PF PF ENA SEL INS UPD DEL AUDIT_TRAIL POLICY_COLU
--- -- ------- ---------- -- -- -- -- --- --- --- --- --- ------------ -----------
SEC T AUDIT_T X < 100 X YES YES YES YES YES XML+EXTENDED ANY_COLUMNS
我們建立的審計規則盡收眼底。
4.觸發審計規則並檢視審計結果
1)觸發審計規則
連線到sec使用者向表T中插入一條x列值小於100的記錄。
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> insert into t values (1,'secooler');
1 row created.
sec@ora10g> commit;
Commit complete.
注意,這裡我們重新連線sec使用者再插入一條資料
sec@ora10g> conn sec/sec
Connected.
sec@ora10g> insert into t values (2,'Andy');
1 row created.
sec@ora10g> commit;
Commit complete.
2)檢視V$XML_AUDIT_TRAIL中記錄的審計資訊
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> set feedback 1
sys@ora10g> select SQL_TEXT,SQL_BIND from V$XML_AUDIT_TRAIL;
SQL_TEXT
----------------------------------------------------------
SQL_BIND
----------------------------------------------------------
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):1 #2(8):secooler
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):2 #2(4):Andy
2 rows selected.
3)檢視XML審計檔案中的內容
(1)檢視並進入到審計檔案存放目錄
ora10g@secdb /home/oracle$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Jun 5 21:00:24 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
sys@ora10g> show parameter user_dump_dest
sys@ora10g> show parameter audit_file_dest
NAME TYPE VALUE
----------------- ------- -------------------------------------
audit_file_dest string /oracle/ora10gR2/admin/ora10g/adump
sys@ora10g> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
ora10g@secdb /home/oracle$ cd /oracle/ora10gR2/admin/ora10g/adump
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$
(2)檢視生成的XML審計檔案種類
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ ls -tlr
total 20K
-rw-r----- 1 oracle oinstall 634 Jun 5 21:05 ora_5367.aud
-rw-r--r-- 1 oracle oinstall 970 Jun 5 21:06 ora_3217384196.xml
-rw-r--r-- 1 oracle oinstall 110 Jun 5 21:07 adx_ora10g.txt
-rw-r----- 1 oracle oinstall 634 Jun 5 21:11 ora_5400.aud
-rw-r--r-- 1 oracle oinstall 966 Jun 5 21:11 ora_3217745444.xml
其中兩個.aud結尾的檔案記錄了登入資訊,與審計具體內容無關;
adx_ora10g.txt檔案中記錄了多次登入生成的審計檔案列表;
以.xml結尾的檔案詳細記錄了被審計到的資訊。
(3)檢視adx_ora10g.txt檔案中的內容
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat adx_ora10g.txt
/oracle/ora10gR2/admin/ora10g/adump
ora_3217384196.xml
/oracle/ora10gR2/admin/ora10g/adump
ora_3217745444.xml
這裡表示記錄了兩次審計觸發過程。
(4)XML格式的審計資訊內容
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat ora_3217384196.xml
xmlns:xsi=""
xsi:schemaLocation="">
10.2
2 27598 9 1 2011-06-05T21:06:55.028121 SEC oracle oracle secdb 5378 0 SEC T AUDIT_T 2 01002D008E060000
0
#1(1):1 #2(8):secooler
insert into t values (:"SYS_B_0",:"SYS_B_1")
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat ora_3217745444.xml
xmlns:xsi=""
xsi:schemaLocation="">
10.2
2 27599 9 1 2011-06-05T21:07:01.368908 SEC oracle oracle secdb 5379 0 SEC T AUDIT_T 2 0600160080060000
0
#1(1):2 #2(4):Andy
insert into t values (:"SYS_B_0",:"SYS_B_1")
在以上的XML檔案中以XML格式記錄兩次被審計的內容。
5.測試審計規則不帶DBMS_FGA.EXTENDED引數內容的審計效果
若審計規則中不帶DBMS_FGA.EXTENDED引數,則觸發審計規則後,SQL語句和繫結變數值將不被記錄。
1)刪除審計策略
sys@ora10g> exec DBMS_FGA.DROP_POLICY ( object_schema => 'SEC', object_name => 'T', policy_name => 'audit_t');
PL/SQL procedure successfully completed.
2)建立不帶DBMS_FGA.EXTENDED引數僅含有DBMS_FGA.XML引數的審計規則
sys@ora10g> begin
2 DBMS_FGA.ADD_POLICY (
3 object_schema => 'SEC',
4 object_name => 'T',
5 policy_name => 'audit_t',
6 audit_condition => 'X < 100',
7 audit_column => 'X',
8 enable => TRUE,
9 statement_types => 'SELECT, INSERT, UPDATE, DELETE',
10 audit_trail => DBMS_FGA.XML,
11 audit_column_opts => DBMS_FGA.ANY_COLUMNS
12 );
13 end;
14 /
PL/SQL procedure successfully completed.
3)確認審計規則
sys@ora10g> col OBJECT_SCHEMA for a3
sys@ora10g> col OBJECT_NAME for a2
sys@ora10g> col POLICY_NAME for a7
sys@ora10g> col POLICY_TEXT for a10
sys@ora10g> col POLICY_COLUMN for a2
sys@ora10g> col PF_SCHEMA for a2
sys@ora10g> col PF_PACKAGE for a2
sys@ora10g> col PF_FUNCTION for a2
sys@ora10g> select * from dba_audit_policies;
OBJ OB POLICY_ POLICY_TEX PO PF PF PF ENA SEL INS UPD DEL AUDIT_TRAIL POLICY_COLU
--- -- ------- ---------- -- -- -- -- --- --- --- --- --- ------------ -----------
SEC T AUDIT_T X < 100 X YES YES YES YES YES XML ANY_COLUMNS
4)觸發審計規則
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> insert into t values (3, 'HOU');
1 row created.
sec@ora10g> commit;
Commit complete.
5)檢視V$XML_AUDIT_TRAIL檢視中記錄的審計結果
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> set feedback 1
sys@ora10g> select SQL_TEXT,SQL_BIND from V$XML_AUDIT_TRAIL;
SQL_TEXT
----------------------------------------------------------------
SQL_BIND
----------------------------------------------------------------
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):1 #2(8):secooler
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):2 #2(4):Andy
3 rows selected.
此處顯示返回三行資訊,最後一行空內容就說明了審計資訊中沒有記錄SQL意義SQL的繫結變數資訊。
6)檢視XML檔案中記錄的審計結果
(1)審計檔案生成列表
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ ls -ltr
total 32K
-rw-r----- 1 oracle oinstall 634 Jun 5 21:05 ora_5367.aud
-rw-r--r-- 1 oracle oinstall 970 Jun 5 21:06 ora_3217384196.xml
-rw-r----- 1 oracle oinstall 634 Jun 5 21:11 ora_5400.aud
-rw-r--r-- 1 oracle oinstall 966 Jun 5 21:11 ora_3217745444.xml
-rw-r----- 1 oracle oinstall 634 Jun 5 22:08 ora_5638.aud
-rw-r--r-- 1 oracle oinstall 165 Jun 5 22:09 adx_ora10g.txt
-rw-r----- 1 oracle oinstall 634 Jun 5 22:09 ora_5644.aud
-rw-r--r-- 1 oracle oinstall 857 Jun 5 22:09 ora_3218245620.xml
(2)檢視adx_ora10g.txt檔案中的XML檔案列表
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat adx_ora10g.txt
/oracle/ora10gR2/admin/ora10g/adump
ora_3217384196.xml
/oracle/ora10gR2/admin/ora10g/adump
ora_3217745444.xml
/oracle/ora10gR2/admin/ora10g/adump
ora_3218245620.xml
(3)這裡我們僅需檢視最後一個XML檔案即可
這個檔案記錄了我們最後一次被觸發的審計資訊。
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat ora_3218245620.xml
xmlns:xsi=""
xsi:schemaLocation="">
10.2
2 27600 9 1 2011-06-05T22:09:23.529200 SEC oracle oracle secdb 5641 0 SEC T AUDIT_T 2 04001400AA060000
0
XML檔案中同樣也沒有記錄SQL以及SQL繫結變數資訊。效果得現。
6.小結
本文給出了將FGA細粒度審計結果資訊記錄在XML檔案中的方法,到此我們已經將FGA的四種審計結果記錄方式瞭然於胸。
Good luck.
secooler
11.06.05
-- The End --
1.初始化環境
1)清理環境
sys@ora10g> conn / as sysdba
Connected.
sys@ora10g> exec DBMS_FGA.DROP_POLICY ( object_schema => 'SEC', object_name => 'T', policy_name => 'audit_t');
PL/SQL procedure successfully completed.
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> drop table t purge;
Table dropped.
2)建立待審計表T
sys@ora10g> create table t (x number(10), y varchar2(10));
Table created.
2.建立FGA審計策略
1)audit_trail引數設定說明
①audit_trail引數設定為“DBMS_FGA.DB”:審計資訊記錄到資料庫的SYS.FGA_LOG$中,但不包含SQL語句和SQL的繫結變數資訊;
②audit_trail引數設定為“DBMS_FGA.DB + DBMS_FGA.EXTENDED”(預設值):審計資訊記錄到資料庫的SYS.FGA_LOG$中,同時包含SQL語句和SQL的繫結變數資訊;
③audit_trail引數設定為“DBMS_FGA.XML”:審計資訊記錄到AUDIT_FILE_DEST引數對應的作業系統目錄下,為XML格式,但不包含SQL語句和SQL的繫結變數資訊;
④audit_trail引數設定為“DBMS_FGA.XML + DBMS_FGA.EXTENDED”:審計資訊記錄到AUDIT_FILE_DEST引數對應的作業系統目錄下,為XML格式,同時包含SQL語句和SQL的繫結變數資訊;
這裡重點介紹審計記錄到資料庫中的方法。
2)審計結果記錄到XML檔案的建立方法
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> begin
2 DBMS_FGA.ADD_POLICY (
3 object_schema => 'SEC',
4 object_name => 'T',
5 policy_name => 'audit_t',
6 audit_condition => 'X < 100',
7 audit_column => 'X',
8 enable => TRUE,
9 statement_types => 'SELECT, INSERT, UPDATE, DELETE',
10 audit_trail => DBMS_FGA.XML + DBMS_FGA.EXTENDED,
11 audit_column_opts => DBMS_FGA.ANY_COLUMNS
12 );
13 end;
14 /
PL/SQL procedure successfully completed.
3.查詢確認FGA審計策略
透過DBA_AUDIT_POLICIES檢視可以檢視資料庫中的審計規則。
sys@ora10g> col OBJECT_SCHEMA for a3
sys@ora10g> col OBJECT_NAME for a2
sys@ora10g> col POLICY_NAME for a7
sys@ora10g> col POLICY_TEXT for a10
sys@ora10g> col POLICY_COLUMN for a2
sys@ora10g> col PF_SCHEMA for a2
sys@ora10g> col PF_PACKAGE for a2
sys@ora10g> col PF_FUNCTION for a2
sys@ora10g> select * from dba_audit_policies;
OBJ OB POLICY_ POLICY_TEX PO PF PF PF ENA SEL INS UPD DEL AUDIT_TRAIL POLICY_COLU
--- -- ------- ---------- -- -- -- -- --- --- --- --- --- ------------ -----------
SEC T AUDIT_T X < 100 X YES YES YES YES YES XML+EXTENDED ANY_COLUMNS
我們建立的審計規則盡收眼底。
4.觸發審計規則並檢視審計結果
1)觸發審計規則
連線到sec使用者向表T中插入一條x列值小於100的記錄。
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> insert into t values (1,'secooler');
1 row created.
sec@ora10g> commit;
Commit complete.
注意,這裡我們重新連線sec使用者再插入一條資料
sec@ora10g> conn sec/sec
Connected.
sec@ora10g> insert into t values (2,'Andy');
1 row created.
sec@ora10g> commit;
Commit complete.
2)檢視V$XML_AUDIT_TRAIL中記錄的審計資訊
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> set feedback 1
sys@ora10g> select SQL_TEXT,SQL_BIND from V$XML_AUDIT_TRAIL;
SQL_TEXT
----------------------------------------------------------
SQL_BIND
----------------------------------------------------------
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):1 #2(8):secooler
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):2 #2(4):Andy
2 rows selected.
3)檢視XML審計檔案中的內容
(1)檢視並進入到審計檔案存放目錄
ora10g@secdb /home/oracle$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Jun 5 21:00:24 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
sys@ora10g> show parameter user_dump_dest
sys@ora10g> show parameter audit_file_dest
NAME TYPE VALUE
----------------- ------- -------------------------------------
audit_file_dest string /oracle/ora10gR2/admin/ora10g/adump
sys@ora10g> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
ora10g@secdb /home/oracle$ cd /oracle/ora10gR2/admin/ora10g/adump
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$
(2)檢視生成的XML審計檔案種類
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ ls -tlr
total 20K
-rw-r----- 1 oracle oinstall 634 Jun 5 21:05 ora_5367.aud
-rw-r--r-- 1 oracle oinstall 970 Jun 5 21:06 ora_3217384196.xml
-rw-r--r-- 1 oracle oinstall 110 Jun 5 21:07 adx_ora10g.txt
-rw-r----- 1 oracle oinstall 634 Jun 5 21:11 ora_5400.aud
-rw-r--r-- 1 oracle oinstall 966 Jun 5 21:11 ora_3217745444.xml
其中兩個.aud結尾的檔案記錄了登入資訊,與審計具體內容無關;
adx_ora10g.txt檔案中記錄了多次登入生成的審計檔案列表;
以.xml結尾的檔案詳細記錄了被審計到的資訊。
(3)檢視adx_ora10g.txt檔案中的內容
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat adx_ora10g.txt
/oracle/ora10gR2/admin/ora10g/adump
ora_3217384196.xml
/oracle/ora10gR2/admin/ora10g/adump
ora_3217745444.xml
這裡表示記錄了兩次審計觸發過程。
(4)XML格式的審計資訊內容
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat ora_3217384196.xml
xmlns:xsi=""
xsi:schemaLocation="">
insert into t values (:"SYS_B_0",:"SYS_B_1")
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat ora_3217745444.xml
xmlns:xsi=""
xsi:schemaLocation="">
insert into t values (:"SYS_B_0",:"SYS_B_1")
在以上的XML檔案中以XML格式記錄兩次被審計的內容。
5.測試審計規則不帶DBMS_FGA.EXTENDED引數內容的審計效果
若審計規則中不帶DBMS_FGA.EXTENDED引數,則觸發審計規則後,SQL語句和繫結變數值將不被記錄。
1)刪除審計策略
sys@ora10g> exec DBMS_FGA.DROP_POLICY ( object_schema => 'SEC', object_name => 'T', policy_name => 'audit_t');
PL/SQL procedure successfully completed.
2)建立不帶DBMS_FGA.EXTENDED引數僅含有DBMS_FGA.XML引數的審計規則
sys@ora10g> begin
2 DBMS_FGA.ADD_POLICY (
3 object_schema => 'SEC',
4 object_name => 'T',
5 policy_name => 'audit_t',
6 audit_condition => 'X < 100',
7 audit_column => 'X',
8 enable => TRUE,
9 statement_types => 'SELECT, INSERT, UPDATE, DELETE',
10 audit_trail => DBMS_FGA.XML,
11 audit_column_opts => DBMS_FGA.ANY_COLUMNS
12 );
13 end;
14 /
PL/SQL procedure successfully completed.
3)確認審計規則
sys@ora10g> col OBJECT_SCHEMA for a3
sys@ora10g> col OBJECT_NAME for a2
sys@ora10g> col POLICY_NAME for a7
sys@ora10g> col POLICY_TEXT for a10
sys@ora10g> col POLICY_COLUMN for a2
sys@ora10g> col PF_SCHEMA for a2
sys@ora10g> col PF_PACKAGE for a2
sys@ora10g> col PF_FUNCTION for a2
sys@ora10g> select * from dba_audit_policies;
OBJ OB POLICY_ POLICY_TEX PO PF PF PF ENA SEL INS UPD DEL AUDIT_TRAIL POLICY_COLU
--- -- ------- ---------- -- -- -- -- --- --- --- --- --- ------------ -----------
SEC T AUDIT_T X < 100 X YES YES YES YES YES XML ANY_COLUMNS
4)觸發審計規則
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> insert into t values (3, 'HOU');
1 row created.
sec@ora10g> commit;
Commit complete.
5)檢視V$XML_AUDIT_TRAIL檢視中記錄的審計結果
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> set feedback 1
sys@ora10g> select SQL_TEXT,SQL_BIND from V$XML_AUDIT_TRAIL;
SQL_TEXT
----------------------------------------------------------------
SQL_BIND
----------------------------------------------------------------
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):1 #2(8):secooler
insert into t values (:"SYS_B_0",:"SYS_B_1")
#1(1):2 #2(4):Andy
3 rows selected.
此處顯示返回三行資訊,最後一行空內容就說明了審計資訊中沒有記錄SQL意義SQL的繫結變數資訊。
6)檢視XML檔案中記錄的審計結果
(1)審計檔案生成列表
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ ls -ltr
total 32K
-rw-r----- 1 oracle oinstall 634 Jun 5 21:05 ora_5367.aud
-rw-r--r-- 1 oracle oinstall 970 Jun 5 21:06 ora_3217384196.xml
-rw-r----- 1 oracle oinstall 634 Jun 5 21:11 ora_5400.aud
-rw-r--r-- 1 oracle oinstall 966 Jun 5 21:11 ora_3217745444.xml
-rw-r----- 1 oracle oinstall 634 Jun 5 22:08 ora_5638.aud
-rw-r--r-- 1 oracle oinstall 165 Jun 5 22:09 adx_ora10g.txt
-rw-r----- 1 oracle oinstall 634 Jun 5 22:09 ora_5644.aud
-rw-r--r-- 1 oracle oinstall 857 Jun 5 22:09 ora_3218245620.xml
(2)檢視adx_ora10g.txt檔案中的XML檔案列表
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat adx_ora10g.txt
/oracle/ora10gR2/admin/ora10g/adump
ora_3217384196.xml
/oracle/ora10gR2/admin/ora10g/adump
ora_3217745444.xml
/oracle/ora10gR2/admin/ora10g/adump
ora_3218245620.xml
(3)這裡我們僅需檢視最後一個XML檔案即可
這個檔案記錄了我們最後一次被觸發的審計資訊。
ora10g@secdb /oracle/ora10gR2/admin/ora10g/adump$ cat ora_3218245620.xml
xmlns:xsi=""
xsi:schemaLocation="">
XML檔案中同樣也沒有記錄SQL以及SQL繫結變數資訊。效果得現。
6.小結
本文給出了將FGA細粒度審計結果資訊記錄在XML檔案中的方法,到此我們已經將FGA的四種審計結果記錄方式瞭然於胸。
Good luck.
secooler
11.06.05
-- The End --
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/519536/viewspace-697209/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 【FGA】將FGA細粒度審計功能的審計結果記錄在資料庫中資料庫
- oracle 細粒度審計(fga)Oracle
- Fine-grainedauditing(FGA) 細粒度審計AI
- Oracle FGA審計功能Oracle
- 細粒度審計FGA儲存過程含義儲存過程
- Oracle FGA細粒度審計——基於內容的資料庫審計(一)Oracle資料庫
- Oracle FGA細粒度審計——基於內容的資料庫審計(二)Oracle資料庫
- Oracle FGA細粒度審計——基於內容的資料庫審計(三)Oracle資料庫
- 【FGA】擴充套件Oracle細粒度審計功能——呼叫定製的儲存過程套件Oracle儲存過程
- 將審計記錄儲存到xml檔案XML
- oracle fga審計(欄位級)Oracle
- 利用Oracle FGA實現審計Oracle
- 【實驗】【審計】【FGA】使用Oracle的審計功能監控資料庫中的可疑操作Oracle資料庫
- Oracle Database標準審計和細粒度審計功能OracleDatabase
- FGA審計及audit_trail引數AI
- oracle細粒度審計Oracle
- Fine-Grained Auditing test (精細審計:FGA測試)AI
- oracle審計-細粒度(轉)Oracle
- Oracle OCP(52):細粒度審計Oracle
- oracle 10g 增強審計(二)----細粒度訪問審計Oracle 10g
- ORACLE的 審計功能Oracle
- Oracle 審計功能Oracle
- MySQL審計功能MySql
- oracle審計功能Oracle
- 資料庫安全審計在資料安全中的功能資料庫
- Oracle FGAOracle
- Java審計之檔案操作漏洞Java
- 再談審計專案審計質量(轉)
- 初識ORACLE的審計功能Oracle
- 開啟Oracle的審計功能Oracle
- 關於oracle審計功能Oracle
- mysql啟用審計功能MySql
- LINUX AS 5 審計功能Linux
- 程式碼審計————目錄
- 遷移審計目錄
- Oracle FGA稽核Oracle
- ORACLE VPD AND FGAOracle
- 從審計結果看建築行業管理中存在的問題(轉)行業