Step 1: Enable Oracle Audit (DB rebounce is required):
audit_trail = DB / DB_EXTENDED / OS / TRUE / FALSE / NONE
Note:
OS: Trace log will be recorded on $ORACLE_HOME/rdbms/audit
DB: Trace log will be recorded on sys.aud$.
While sys.aud$ data is changed, dba_audit_trail is updated accordingly.
DB = TRUE
DB_EXTENDED has two more column info than DB, eg. sql_text
FALSE = NONE
OS Audit Trail
Even if OS audit trail is not enabled, Oracle will still write default actions to OS audit trail:
* instance startup
* instance shutdown
* connections to the database as SYSOPER or SYSDBA
Step 2: 3 levels of audit options
Statement Auditing
Eg.
AUDIT SELECT BY SCOTT BY ACCESS WHENEVER SUCCESSFUL;
/* audits all select statements performed successfully by SCOTT *?
AUDIT SELECT TABLE, UPDATE TABLE BY SCOTT, BLAKE;
AUDIT SELECT ANY TABLE, UPDATE ANY TABLE BY SCOTT, BLAKE;
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment