oracle 数据库审计详解(一)
2013-08-16 03:11
267 查看
oracle数据库审计详解(一)
今天是2013-08-15,直到今天,所有的生活 秩序才得以慢慢恢复我之前的状态。今天在工作中看到一个数据库审计变更和监听配置。顺便学习一下,记录一下笔记。
audit_trail:参数设置启动或是关闭数据库的审计功能:
有none,
os
db
db,extended
xml
xml,extended
note:
当参数为db,extended或是xml,extended的时候会在aud$表中额外记录sql bind 和sql text clob-type的字段。
If the database was started in read-only mode with
然后看一下数据库日志:
alter database open read only
AUDIT_TRAIL initialization parameter is changed to OS, as DB is NOT compatible for database opened with read-only access
SMON: enabling cache recovery
Database Characterset is WE8MSWIN1252
Opening with Resource Manager plan: DEFAULT_MAINTENANCE_PLAN
可以看到当数据库audit_tail参数设置为db,但是我依然使用open read only打开的话,那么会自动转到os,当正常启动后,那么会自动转到db状态。
可以查看audit_file_dest参数,进行查看os文件所在位置:
eg:
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string OS
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 405020672 bytes
Fixed Size 2213816 bytes
Variable Size 251660360 bytes
Database Buffers 146800640 bytes
Redo Buffers 4345856 bytes
Database mounted.
Database opened.
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL>
这里,我突然想起了一个老外(Nagaraj S)的问题,那就是如果审计内容非常大的话,那么system表空间会存在 空间不足情况,怎么自动删除。随后,很多国外的专家分别给出了自己的建议(如,Patterson,Joel,Steve Gardiner,Iggy Fernandez,Christopher等等)看如下邮件信息:
Hello Gurus,
I have a task to purge aud$ table and it need to done in automated way
on every month. Please help on sharing the purge script to schedule in db
scheduler
-Naga
好了,然后我们看看老外有什么好的办法。首先看看Ulfet的方法:
1)Archive and purge aud$ table
>创建新的表空间,创建新的归档表 ,创建过程,创建调度计划或是crontab,执行检查结果。
我实验结果如下:
eg:
[root@oracle-one ~]# su - oracle
[oracle@oracle-one ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Aug 16 02:43:02 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 405020672 bytes
Fixed Size 2213816 bytes
Variable Size 251660360 bytes
Database Buffers 146800640 bytes
Redo Buffers 4345856 bytes
Database mounted.
Database opened.
SQL> select sysdate from dual;
SYSDATE
---------
16-AUG-13
SQL> col name for a60
SQL> select file#,name from v$datafile;
FILE# NAME
---------- ------------------------------------------------------------
1 /opt/app/oracle/RHYS/system01.dbf
2 /opt/app/oracle/RHYS/sysaux01.dbf
3 /opt/app/oracle/RHYS/undotbs01.dbf
4 /opt/app/oracle/RHYS/users01.dbf
5 /opt/app/oracle/RHYS/test.dbf
SQL> create tablespace arch_tbs datafile '/opt/app/oracle/RHYS/arch_tbs01.dbf' size 500M;
Tablespace created.
SQL> set pagesize 2000
SQL> select to_char(dbms_metadata.get_ddl('TABLE','AUD$')) FROM DUAL;
TO_CHAR(DBMS_METADATA.GET_DDL('TABLE','AUD$'))
--------------------------------------------------------------------------------
CREATE TABLE "SYS"."AUD$"
( "SESSIONID" NUMBER NOT NULL ENABLE,
"ENTRYID" NUMBER NOT NULL ENABLE,
"STATEMENT" NUMBER NOT NULL ENABLE,
"TIMESTAMP#" DATE,
"USERID" VARCHAR2(30),
"USERHOST" VARCHAR2(128),
"TERMINAL" VARCHAR2(255),
"ACTION#" NUMBER NOT NULL ENABLE,
"RETURNCODE" NUMBER NOT NULL ENABLE,
"OBJ$CREATOR" VARCHAR2(30),
"OBJ$NAME" VARCHAR2(128),
"AUTH$PRIVILEGES" VARCHAR2(16),
"AUTH$GRANTEE" VARCHAR2(30),
"NEW$OWNER" VARCHAR2(30),
"NEW$NAME" VARCHAR2(128),
"SES$ACTIONS" VARCHAR2(19),
"SES$TID" NUMBER,
"LOGOFF$LREAD" NUMBER,
"LOGOFF$PREAD" NUMBER,
"LOGOFF$LWRITE" NUMBER,
"LOGOFF$DEAD" NUMBER,
"LOGOFF$TIME" DATE,
"COMMENT$TEXT" VARCHAR2(4000),
"CLIENTID" VARCHAR2(64),
"SPARE1" VARCHAR2(255),
"SPARE2" NUMBER,
"OBJ$LABEL" RAW(255),
"SES$LABEL" RAW(255),
"PRIV$USED" NUMBER,
"SESSIONCPU" NUMBER,
"NTIMESTAMP#" TIMESTAMP (6),
"PROXY$SID" NUMBER,
"USER$GUID" VARCHAR2(32),
"INSTANCE#" NUMBER,
"PROCESS#" VARCHAR2(16),
"XID" RAW(8),
"AUDITID" VARCHAR2(64),
"SCN" NUMBER,
"DBID" NUMBER,
"SQLBIND" CLOB,
"SQLTEXT" CLOB,
"OBJ$EDITION" VARCHAR2(30)
) PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "SYSTEM"
LOB ("SQLBIND") STORE AS BASICFILE (
TABLESPACE "SYSTEM" ENABLE STORAGE IN ROW CHUNK 8192 RETENTION
NOCACHE LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT))
LOB ("SQLTEXT") STORE AS BASICFILE (
TABLESPACE "SYSTEM" ENABLE STORAGE IN ROW CHUNK 8192 RETENTION
NOCACHE LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT))
SQL>
SQL> CREATE TABLE sys.AUD$_ARCH
2 ( SESSIONID NUMBER NOT NULL ENABLE,
3 ENTRYID NUMBER NOT NULL ENABLE,
4 STATEMENT NUMBER NOT NULL ENABLE,
5 TIMESTAMP# DATE,
6 USERID VARCHAR2(30),
7 USERHOST VARCHAR2(128),
8 TERMINAL VARCHAR2(255),
9 ACTION# NUMBER NOT NULL ENABLE,
10 RETURNCODE NUMBER NOT NULL ENABLE,
11 OBJ$CREATOR VARCHAR2(30),
12 OBJ$NAME VARCHAR2(128),
13 AUTH$PRIVILEGES VARCHAR2(16),
14 AUTH$GRANTEE VARCHAR2(30),
15 NEW$OWNER VARCHAR2(30),
16 NEW$NAME VARCHAR2(128),
SES$ACTIONS VARCHAR2(19),
17 18 SES$TID NUMBER,
19 LOGOFF$LREAD NUMBER,
20 LOGOFF$PREAD NUMBER,
21 LOGOFF$LWRITE NUMBER,
22 LOGOFF$DEAD NUMBER,
23 LOGOFF$TIME DATE,
24 COMMENT$TEXT VARCHAR2(4000),
25 CLIENTID VARCHAR2(64),
26 SPARE1 VARCHAR2(255),
27 SPARE2 NUMBER,
28 OBJ$LABEL RAW(255),
29 SES$LABEL RAW(255),
30 PRIV$USED NUMBER,
31 SESSIONCPU NUMBER,
32 NTIMESTAMP# TIMESTAMP (6),
33 PROXY$SID NUMBER,
34 USER$GUID VARCHAR2(32),
35 INSTANCE# NUMBER,
36 PROCESS# VARCHAR2(16),
37 XID RAW(8),
38 AUDITID VARCHAR2(64),
39 SCN NUMBER,
40 DBID NUMBER,
41 SQLBIND CLOB,
42 SQLTEXT CLOB,
43 OBJ$EDITION VARCHAR2(30)
44 )
45 tablespace arch_tbs
46 nologging;
Table created.
今天是2013-08-15,直到今天,所有的生活 秩序才得以慢慢恢复我之前的状态。今天在工作中看到一个数据库审计变更和监听配置。顺便学习一下,记录一下笔记。
audit_trail:参数设置启动或是关闭数据库的审计功能:
有none,
os
db
db,extended
xml
xml,extended
note:
当参数为db,extended或是xml,extended的时候会在aud$表中额外记录sql bind 和sql text clob-type的字段。
If the database was started in read-only mode with
AUDIT_TRAILset to
db, extended, then Oracle Database internally sets
AUDIT_TRAILto
os. Check the alert log for details.
然后看一下数据库日志:
alter database open read only
AUDIT_TRAIL initialization parameter is changed to OS, as DB is NOT compatible for database opened with read-only access
SMON: enabling cache recovery
Database Characterset is WE8MSWIN1252
Opening with Resource Manager plan: DEFAULT_MAINTENANCE_PLAN
可以看到当数据库audit_tail参数设置为db,但是我依然使用open read only打开的话,那么会自动转到os,当正常启动后,那么会自动转到db状态。
可以查看audit_file_dest参数,进行查看os文件所在位置:
eg:
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string OS
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 405020672 bytes
Fixed Size 2213816 bytes
Variable Size 251660360 bytes
Database Buffers 146800640 bytes
Redo Buffers 4345856 bytes
Database mounted.
Database opened.
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL>
这里,我突然想起了一个老外(Nagaraj S)的问题,那就是如果审计内容非常大的话,那么system表空间会存在 空间不足情况,怎么自动删除。随后,很多国外的专家分别给出了自己的建议(如,Patterson,Joel,Steve Gardiner,Iggy Fernandez,Christopher等等)看如下邮件信息:
Hello Gurus,
I have a task to purge aud$ table and it need to done in automated way
on every month. Please help on sharing the purge script to schedule in db
scheduler
-Naga
好了,然后我们看看老外有什么好的办法。首先看看Ulfet的方法:
1)Archive and purge aud$ table
>创建新的表空间,创建新的归档表 ,创建过程,创建调度计划或是crontab,执行检查结果。
我实验结果如下:
eg:
[root@oracle-one ~]# su - oracle
[oracle@oracle-one ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Aug 16 02:43:02 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 405020672 bytes
Fixed Size 2213816 bytes
Variable Size 251660360 bytes
Database Buffers 146800640 bytes
Redo Buffers 4345856 bytes
Database mounted.
Database opened.
SQL> select sysdate from dual;
SYSDATE
---------
16-AUG-13
SQL> col name for a60
SQL> select file#,name from v$datafile;
FILE# NAME
---------- ------------------------------------------------------------
1 /opt/app/oracle/RHYS/system01.dbf
2 /opt/app/oracle/RHYS/sysaux01.dbf
3 /opt/app/oracle/RHYS/undotbs01.dbf
4 /opt/app/oracle/RHYS/users01.dbf
5 /opt/app/oracle/RHYS/test.dbf
SQL> create tablespace arch_tbs datafile '/opt/app/oracle/RHYS/arch_tbs01.dbf' size 500M;
Tablespace created.
SQL> set pagesize 2000
SQL> select to_char(dbms_metadata.get_ddl('TABLE','AUD$')) FROM DUAL;
TO_CHAR(DBMS_METADATA.GET_DDL('TABLE','AUD$'))
--------------------------------------------------------------------------------
CREATE TABLE "SYS"."AUD$"
( "SESSIONID" NUMBER NOT NULL ENABLE,
"ENTRYID" NUMBER NOT NULL ENABLE,
"STATEMENT" NUMBER NOT NULL ENABLE,
"TIMESTAMP#" DATE,
"USERID" VARCHAR2(30),
"USERHOST" VARCHAR2(128),
"TERMINAL" VARCHAR2(255),
"ACTION#" NUMBER NOT NULL ENABLE,
"RETURNCODE" NUMBER NOT NULL ENABLE,
"OBJ$CREATOR" VARCHAR2(30),
"OBJ$NAME" VARCHAR2(128),
"AUTH$PRIVILEGES" VARCHAR2(16),
"AUTH$GRANTEE" VARCHAR2(30),
"NEW$OWNER" VARCHAR2(30),
"NEW$NAME" VARCHAR2(128),
"SES$ACTIONS" VARCHAR2(19),
"SES$TID" NUMBER,
"LOGOFF$LREAD" NUMBER,
"LOGOFF$PREAD" NUMBER,
"LOGOFF$LWRITE" NUMBER,
"LOGOFF$DEAD" NUMBER,
"LOGOFF$TIME" DATE,
"COMMENT$TEXT" VARCHAR2(4000),
"CLIENTID" VARCHAR2(64),
"SPARE1" VARCHAR2(255),
"SPARE2" NUMBER,
"OBJ$LABEL" RAW(255),
"SES$LABEL" RAW(255),
"PRIV$USED" NUMBER,
"SESSIONCPU" NUMBER,
"NTIMESTAMP#" TIMESTAMP (6),
"PROXY$SID" NUMBER,
"USER$GUID" VARCHAR2(32),
"INSTANCE#" NUMBER,
"PROCESS#" VARCHAR2(16),
"XID" RAW(8),
"AUDITID" VARCHAR2(64),
"SCN" NUMBER,
"DBID" NUMBER,
"SQLBIND" CLOB,
"SQLTEXT" CLOB,
"OBJ$EDITION" VARCHAR2(30)
) PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "SYSTEM"
LOB ("SQLBIND") STORE AS BASICFILE (
TABLESPACE "SYSTEM" ENABLE STORAGE IN ROW CHUNK 8192 RETENTION
NOCACHE LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT))
LOB ("SQLTEXT") STORE AS BASICFILE (
TABLESPACE "SYSTEM" ENABLE STORAGE IN ROW CHUNK 8192 RETENTION
NOCACHE LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT FLASH_CACHE DE
FAULT CELL_FLASH_CACHE DEFAULT))
SQL>
SQL> CREATE TABLE sys.AUD$_ARCH
2 ( SESSIONID NUMBER NOT NULL ENABLE,
3 ENTRYID NUMBER NOT NULL ENABLE,
4 STATEMENT NUMBER NOT NULL ENABLE,
5 TIMESTAMP# DATE,
6 USERID VARCHAR2(30),
7 USERHOST VARCHAR2(128),
8 TERMINAL VARCHAR2(255),
9 ACTION# NUMBER NOT NULL ENABLE,
10 RETURNCODE NUMBER NOT NULL ENABLE,
11 OBJ$CREATOR VARCHAR2(30),
12 OBJ$NAME VARCHAR2(128),
13 AUTH$PRIVILEGES VARCHAR2(16),
14 AUTH$GRANTEE VARCHAR2(30),
15 NEW$OWNER VARCHAR2(30),
16 NEW$NAME VARCHAR2(128),
SES$ACTIONS VARCHAR2(19),
17 18 SES$TID NUMBER,
19 LOGOFF$LREAD NUMBER,
20 LOGOFF$PREAD NUMBER,
21 LOGOFF$LWRITE NUMBER,
22 LOGOFF$DEAD NUMBER,
23 LOGOFF$TIME DATE,
24 COMMENT$TEXT VARCHAR2(4000),
25 CLIENTID VARCHAR2(64),
26 SPARE1 VARCHAR2(255),
27 SPARE2 NUMBER,
28 OBJ$LABEL RAW(255),
29 SES$LABEL RAW(255),
30 PRIV$USED NUMBER,
31 SESSIONCPU NUMBER,
32 NTIMESTAMP# TIMESTAMP (6),
33 PROXY$SID NUMBER,
34 USER$GUID VARCHAR2(32),
35 INSTANCE# NUMBER,
36 PROCESS# VARCHAR2(16),
37 XID RAW(8),
38 AUDITID VARCHAR2(64),
39 SCN NUMBER,
40 DBID NUMBER,
41 SQLBIND CLOB,
42 SQLTEXT CLOB,
43 OBJ$EDITION VARCHAR2(30)
44 )
45 tablespace arch_tbs
46 nologging;
Table created.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 数据库名、实例名、ORACLE_SID、数据库域名、全局数据库名、服务名 详解
- Oracle 数据库启动过程各步骤详解
- (转)oracle审计详解
- 《Oracle大型数据库在AIX UNIX上的实战详解》的集中答疑九 数据库字符集与国家语言字符集的关系
- Oracle 数据库QUIESCE状态详解
- 数据库 Oracle监听实例详解
- oracle数据库定时任务dbms_job的用法详解
- 监控和审计 Oracle 数据库错误
- 详解如何配置ORACLE 客户端连接到数据库
- 详解:数据库名、实例名、ORACLE_SID、数据库域名、全局数据库名、服务名
- 详解:数据库名、实例名、ORACLE_SID、数据库域名、全局数据库名、服务名及手工脚本创建oracle数据库
- 详解:数据库名、实例名、ORACLE_SID、数据库域名、全局数据库名、服务名
- oracle大型数据库系统在aix unix上的实战详解 内容错误更正 ,谢谢众多读者的反馈
- 图文:详解数据库Oracle 11g的基本安装
- oracle-数据库的各种-锁-详解
- Oracle 数据库QUIESCE状态详解
- Oracle 11G 数据库 DATA GUARD主从同步配置详解
- Oracle数据库:impdp导入数据库及expdp导出数据过程详解
- oracle-数据库的各种-锁-详解
- [转]oracle数据库定时任务dbms_job的用法详解