管理AUDIT_TRAIL初始化引數配置標準審計

Enabling or Disabling the Standard Audit Trail

You enable the standard audit trail by setting the AUDIT_TRAIL initialization 
parameter. This setting determines whether to create the audit trail in the database 
audit trail, write the audit activities to an operating system file, or to disable auditing. 
透過開啟audit_trail引數開啟審計，這個引數決定了是否以資料庫記錄審計軌跡、以作業系統檔案記錄審計內容或是關閉審計

To enable or disable the standard audit trail, log in to SQL*Plus with administrative 
privileges, and use the ALTER SYSTEM statement. Afterwards, you need to restart the 
database instance

使用alter system命令開啟或關閉審計，之後，需要重啟例項。

To check the current value of the AUDIT_TRAIL parameter, use the SHOW PARAMETER 
command in SQL*Plus

Example 9–1 shows how to check the AUDIT_TRAIL parameter setting. 
SHOW PARAMETER AUDIT_TRAIL
NAME TYPE VALUE
------------------------------------ ----------- -------
audit_trail string DB

Example 9–2 shows how to log onto SQL*Plus, enable the standard audit trail, and 
then restart the database instance. 
Example 9–2 Enabling the Standard Audit Trail
CONNECT SYSTEM
Enter password: password
ALTER SYSTEM SET AUDIT_TRAIL=DB SCOPE=SPFILE;
System altered.
CONNECT SYS/AS SYSOPER
Enter password: password
SHUTDOWN
Database closed.
Database dismounted.
ORACLE instance shut down.
STARTUP
ORACLE instance started.

This example uses the SCOPE clause because the database instance had been started 
using a server parameter file (SPFILE). Starting the database with a server parameter 
file is the preferred way of starting a database instance. See Oracle Database 
Administrator's Guide for information about creating configuring server parameter 
files.


AUDIT_TRAIL enables or disables database auditing.

Values:
■ none
Disables standard auditing. This value is the default if the AUDIT_TRAIL parameter 
was not set in the initialization parameter file or if you created the database using 
a method other than Database Configuration Assistant. If you created the database 
using Database Configuration Assistant, then the default is db.
■ os
Directs all audit records to an operating system file. Oracle recommends that you 
use the os setting, particularly if you are using an ultra-secure database 
configuration.
■ db
Directs audit records to the database audit trail (the SYS.AUD$ table), except for 
records that are always written to the operating system audit trail. Use this setting 
for a general database for manageability.
If the database was started in read-only mode with AUDIT_TRAIL set to db, then 
Oracle Database internally sets AUDIT_TRAIL to os. Check the alert log for details.
■ db, extended
Performs all actions of AUDIT_TRAIL=db, and also populates the SQL bind and SQL 
text CLOB-type columns of the SYS.AUD$ table, when available. These two 
columns are populated only when this parameter is specified.
If the database was started in read-only mode with AUDIT_TRAIL set to db, 
extended, then Oracle Database internally sets AUDIT_TRAIL to os. Check the alert 
log for details.
■ xml
Writes to the operating system audit record file in XML format. Records all 
elements of the AuditRecord node except Sql_Text and Sql_Bind to the operating 
system XML audit file.
■ xml, extended
Performs all actions of AUDIT_TRAIL=xml, and populates the SQL bind and SQL 
text CLOB-type columns of the SYS.AUD$ table, wherever possible. These columns 
are populated only when this parameter is specified.
You can use the SQL AUDIT statement to set auditing options regardless of the setting 
of this parameter.

可以透過表dba_audit_trail檢視審計資訊