Script to Show Audit Options/Audit Trail (Doc ID 1019552.6)
Script to Show Audit Options/Audit Trail (Doc ID 1019552.6)
| Abstract | |
|---|---|
| Show Audit Options/Audit Trail and audited system privileges | |
|
Product Name, Product Version |
Oracle Server Enterprise Edition
|
| Platform | Generic |
| Creation Date | 29-OCT-2002 |
| Check Date | ***Checked for relevance on 21-Feb-2013*** |
| Instructions | |
You can run TFSAUDIT.SQL when you have the following privileges: SELECT on DBA_OBJ_AUDIT_OPTS, DBA_STMT_AUDIT_OPTS, DBA_AUDIT_TRAIL and DBA_PRIV_AUDIT_OPTS. PROOFREAD THIS SCRIPT BEFORE USING IT! Due to differences in the way text editors, e-mail packages, and operating systems handle text formatting (spaces, tabs, and carriage returns), this script may not be in an executable state when you first receive it. Check over the script to ensure that errors of this type are corrected. |
|
| Description | |
This script will show you what is being audited in the database and will provide the audit trail. | |
| References | |
Note.1020945.6 How to Setup Auditing Note.167293.1 Some examples about auditing and output of auditing Note.41800.1 Quick Reference to Auditing Information Note.222807.1 How To Audit GRANT ANY PRIVILEGE Or GRANT ANY ROLE |
|
| Script | |
SET ECHO off
REM NAME: TFSAUDIT.SQL
REM USAGE:"@path/tfsaudit"
REM --------------------------------------------------------------------------
REM REQUIREMENTS:
REM SELECT ON DBA_OBJ_AUDIT_OPTS, DBA_STMT_AUDIT_OPTS, DBA_AUDIT_TRAIL
REM and DBA_PRIV_AUDIT_OPTS
REM --------------------------------------------------------------------------
REM AUTHOR:
REM Geert De Paep - Oracle Belgium
REM --------------------------------------------------------------------------
REM PURPOSE:
REM see what is being audited in the database, and to see the audit_trail
REM -------------------------------------------------------------------------
REM DISCLAIMER:
REM This script is provided for educational purposes only. It is NOT
REM supported by Oracle World Wide Technical Support.
REM The script has been tested and appears to work as intended.
REM You should always run new scripts on a test instance initially.
REM --------------------------------------------------------------------------
REM Main text of script follows:
col user_name for a12 heading "User name"
col proxy_name for a12 heading "Proxy name"
col privilege for a30 heading "Privilege"
col user_name for a12 heading "User name"
col audit_option format a30 heading "Audit Option"
col timest format a13
col userid format a8 trunc
col obn format a10 trunc
col name format a13 trunc
col sessionid format 99999
col entryid format 999
col owner format a10
col object_name format a10
col object_type format a6
col priv_used format a15 trunc
break on user_name
set pages 1000
set pause 'Return...'
pause Press return to see the audit related parameters...
col name for a20
col display_value for a20
SELECT NAME ,DISPLAY_VALUE
FROM V$PARAMETER
WHERE UPPER(NAME) LIKE UPPER('%audit%')
ORDER BY NAME,ROWNUM
/
prompt
prompt System auditing options across the system and by user
select * from sys.dba_stmt_audit_opts
order by user_name, proxy_name, audit_option
/
pause Press return to see auditing options on all objects...
select owner, object_name, object_type,
alt,aud,com,del,gra,ind,ins,loc,ren,sel,upd,ref,exe
from sys.dba_obj_audit_opts
where
alt !='-/-' or aud !='-/-' or com !='-/-'
or del !='-/-' or gra !='-/-' or ind !='-/-'
or ins !='-/-' or loc !='-/-' or ren !='-/-'
or sel !='-/-' or upd !='-/-' or ref !='-/-' or exe !='-/-'
/
pause Press return to see audit trail... Note that the query returns the audit data for the last day only
col acname format a12 heading "Action name"
select username userid, to_char(timestamp,'dd-mon hh24:mi') timest ,
action_name acname, priv_used, obj_name obn, ses_actions
from sys.dba_audit_trail
where timestamp>sysdate-1
order by timestamp
/
pause Press return to see system privileges audited across the system and by user...
select * from dba_priv_audit_opts
order by user_name, proxy_name, privilege
/
|
|
| Sample Output | |
SQL> @tfsaudit
System auditing options across the system and by user
User name Proxy name Audit Option SUCCESS FAILURE
------------ ------------ ------------------------------ ---------- ----------
SCOTT ALTER ANY CLUSTER BY ACCESS BY ACCESS
ALTER ANY DIMENSION BY ACCESS BY ACCESS
ALTER ANY INDEX BY ACCESS BY ACCESS
...
129 rows selected.
Press return to see auditing options on all objects...
OWNER OBJECT_NAM OBJECT ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE
---------- ---------- ------ --- --- --- --- --- --- --- --- --- --- --- --- ---
CTXSYS SYS_IOT_OV TABLE / / / / / / / / / / / / /
ER_24695
CTXSYS SYS_IOT_OV TABLE / / / / / / / / / / / / /
ER_24786
Press return to see audit trail...
USERID TIMEST Action name PRIV_USED OBN SES_ACTIONS
-------- ------------- ------------ --------------- ---------- -------------------
SYSTEM 20-jun 11:07 SYSTEM GRANT GRANT ANY ROLE
SYSTEM 20-jun 11:07 SYSTEM GRANT
SYSTEM 20-jun 11:07 SYSTEM GRANT
...
19 rows selected.
Press return to see system privileges audited across the system and by user...
User name Proxy name Privilege SUCCESS FAILURE
------------ ------------ ------------------------------ ---------- ----------
SCOTT ADMINISTER DATABASE TRIGGER BY ACCESS BY ACCESS
ADMINISTER RESOURCE MANAGER BY ACCESS BY ACCESS
ALTER ANY CLUSTER BY ACCESS BY ACCESS
...
118 rows selected.
|
|
| Disclaimer | |
EXCEPT WHERE EXPRESSLY PROVIDED OTHERWISE, THE INFORMATION, SOFTWARE, PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. ORACLE EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. ORACLE MAKES NO WARRANTY THAT: (A) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SOFTWARE WILL BE ACCURATE OR RELIABLE; OR (B) THE INFORMATION, OR OTHER MATERIAL OBTAINED WILL MEET YOUR EXPECTATIONS. ANY CONTENT, MATERIALS, INFORMATION OR SOFTWARE DOWNLOADED OR OTHERWISE OBTAINED IS DONE AT YOUR OWN DISCRETION AND RISK. ORACLE SHALL HAVE NO RESPONSIBILITY FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY CONTENT, MATERIALS, INFORMATION OR SOFTWARE. ORACLE RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO THE SOFTWARE AT ANY TIME WITHOUT NOTICE. |
|
| Limitation of Liability | |
IN NO EVENT SHALL ORACLE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE SOFTWARE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. |
|
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/17252115/viewspace-1136254/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Database Audit and Audit trail purgingDatabaseAI
- audit_trail與extended!AI
- AUD: Audit Commit Delay exceeded, written a copy to OS Audit TrailMITAI
- FGA審計及audit_trail引數AI
- ORACLE初始化引數:AUDIT_TRAILOracleAI
- AUDIT_TRAIL設定及審計日誌清理AI
- ORA-09925: Unable to create audit trail file彙總AI
- Oracle案例01——ORA-09925: Unable to create audit trail fileOracleAI
- Oracle中審計引數audit_trail的討論(轉)OracleAI
- FN_AUDIT - Name of security audit file
- 10g初始化引數AUDIT_TRAIL變化(二)AI
- 10g初始化引數AUDIT_TRAIL變化(一)AI
- 管理AUDIT_TRAIL初始化引數配置標準審計AI
- Script to Show System and Object Privs for a User (Doc ID 1019508.6)Object
- ORACLE AUDITOracle
- RHEL審計內容/etc/audit/audit.rules
- audit by user by table
- Oracle Audit setupOracle
- audit審計
- oracle audit and securityOracle
- 審計--audit
- mysql-auditMySql
- mysqlalchemy audit extensionMySql
- oracle10g_audit_solaris_利用audit_sys_operationsOracle
- [20140529]11g下引數audit_trail的修改.txtAI
- ORALCE 的AUDIT 以及開啟AUDIT對REDO 的影響
- MySQL審計auditMySql
- AUDIT審計(2)
- Oracle 審計 auditOracle
- oracle 審計(Audit)Oracle
- Audit Vault and Database VaultDatabase
- SQL Server 審計(Audit)SQLServer
- ORACLE AUDIT審計(1)Oracle
- SAP Security Audit log size
- 使用sqlplus連線資料庫報ORA-09925: Unable to create audit trail fileSQL資料庫AI
- fluentd 推送 mariadb audit log
- linux監控工具auditLinux
- oracle開啟audit(審計)Oracle