1、查看审计功能是否打开
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string ?/rdbms/audit
audit_sys_operations boolean FALSE
audit_trail string FALSE
transaction_auditing boolean TRUE
由于audit_trail的value值为FALSE,说明审计功能没有打开
2、打开审计功能
SQL> alter system set audit_trail='TRUE' scope=spfile;
System altered.
3、重新启动数据库使审计功能生效
SQL> conn / as sysdba;
Connected.
SQL> shutdown normal;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 171966464 bytes
Fixed Size 787988 bytes
Variable Size 144964076 bytes
Database Buffers 25165824 bytes
Redo Buffers 1048576 bytes
Database mounted.
Database opened.
4、查看审计功能是否打开
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string ?/rdbms/audit
audit_sys_operations boolean FALSE
audit_trail string TRUE
transaction_auditing boolean TRUE
5、设置审计策略
SQL>audit session;
SQL>audit delete any table by session;
SQL>audit create table by session;
SQL>audit table by session;
SQL>audit create user by session;
SQL>audit alter user by session;
SQL>audit index by session
SQL>audit create view by session;
SQL>audit create procedure by session;
6、查询审计的项是否跟设置的相同
SQL> select * from DBA_STMT_AUDIT_OPTS;
USER_NAME PROXY_NAME
------------------------------ ------------------------------
AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE SESSION BY ACCESS BY ACCESS
TABLE BY ACCESS BY ACCESS
DELETE ANY TABLE BY SESSION BY SESSION
CREATE TABLE BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
INDEX BY ACCESS BY ACCESS
CREATE VIEW BY ACCESS BY ACCESS
CREATE PROCEDURE BY ACCESS BY ACCESS
7、审计日志查询
SQL>select * from DBA_AUDIT_TRAIL where where rownum<10;
说明:where rownum<10 显示前10行
audit table by bm --给bm用户监控对表的drop,alter,truncate操作
<!--StartFragment -->用着个视图查看truncate 的操作