oracle11g審計

zhouxianwang發表於2014-06-13
Oracle
在oracle11g中,資料庫的審計功能是預設開啟的(這和oracle10g的不一樣,10g預設是關閉的),oracle11gR2的官方文件上寫的是錯的,當上說default是none,而且是審計到DB級別的,這樣就會往aud$表裡記錄統計資訊。
 
問題處理方法:
1.如果審計不是必須的,可以關掉審計功能;

SQL> show parameter audit_trail;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB
SQL> alter system set audit_trail=none scope=spfile;
SQL> shut immediate;
SQL>startup
2.刪除已有的審計資訊
可以直接truncate表aud$,

truncate table SYS.AUD$;



truncate table SYS.AUD$;
3.或者將aud$表移到另外一個表空間下,以減少system表空間的壓力和被撐爆的風險。
 
附:11g中有關audit_trail引數的設定說明:

AUDIT_TRAIL

Property Description
Parameter type String
Syntax AUDIT_TRAIL = { none | os | db [, extended] | xml [, extended] }
Default value none
Modifiable No
Basic No

AUDIT_TRAIL enables or disables database auditing.

Values:

  • none

    Disables standard auditing. This value is the default if the AUDIT_TRAIL parameter was not set in the initialization parameter file or if you created the database using a method other than Database Configuration Assistant. If you created the database using Database Configuration Assistant, then the default is db.

  • os

    Directs all audit records to an operating system file. Oracle recommends that you use the os setting, particularly if you are using an ultra-secure database configuration.

  • db

    Directs audit records to the database audit trail (the SYS.AUD$ table), except for records that are always written to the operating system audit trail. Use this setting for a general database for manageability.

    If the database was started in read-only mode with AUDIT_TRAIL set to db, then Oracle Database internally sets AUDIT_TRAIL to os. Check the alert log for details.

  • db, extended

    Performs all actions of AUDIT_TRAIL=db, and also populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, when available. These two columns are populated only when this parameter is specified.

    If the database was started in read-only mode with AUDIT_TRAIL set to db, extended, then Oracle Database internally sets AUDIT_TRAIL to os. Check the alert log for details.

  • xml

    Writes to the operating system audit record file in XML format. Records all elements of the AuditRecord node except Sql_Text and Sql_Bind to the operating system XML audit file.

  • xml, extended

    Performs all actions of AUDIT_TRAIL=xml, and populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, wherever possible. These columns are populated only when this parameter is specified.

You can use the SQL AUDIT statement to set auditing options regardless of the setting of this parameter.

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/27036311/viewspace-1181969/,如需轉載,請註明出處,否則將追究法律責任。

相關文章