Oracle Database Auditing

Category: Programming  Date: 2016-11-04

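Today is 2013-12-15. I spent all of last week dealing with WAS problems; today I am continuing to study Oracle and writing down some study notes.
Oracle auditing is controlled by the following parameters: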
SQL> show parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL>
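Here audit_file_dest is the directory where audit logs are written. By default only basic login information is recorded; to audit the sys user in detail, set audit_sys_operations to true.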
eg:

SQL> select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat);

ADDR SPID SID
---------------- ------------------------ ----------
0000000084CCB190 2661 58

SQL> show parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL> !more /opt/app/oracle/admin/RHYS/adump/*2661*
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_2661_20131215081951980023143795.aud
Oracle database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
system name: linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 37
Unix process pid: 2661, image: oracle@oracle-one (TNS V1-V3)

Sun Dec 15 08:19:52 2013 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'


SQL>
Auditing the operations of the sys user:
SQL> alter system set audit_sys_operations=true scope=spfile;

System altered.

SQL> startup force
ORACLE instance started.

Total System Global Area 626327552 bytes
Fixed Size 2255832 bytes
Variable Size 440402984 bytes
Database Buffers 180355072 bytes
Redo Buffers 3313664 bytes
Database mounted.
Database opened.
SQL>
SQL>
SQL>
SQL> set linesize 200
SQL> select * from scott.emp ;

no rows selected

SQL> select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat);

ADDR SPID SID
---------------- ------------------------ ----------
0000000084CBB6C8 2803 1

SQL> !more /opt/app/oracle/admin/RHYS/adump/*2803*
::::::::::::::
/opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131203104828030790143795.aud
::::::::::::::
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131203104828030790143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 0 <none>
Oracle process number: 23
Unix process pid: 2803, image: oracle@oracle-one (TNS V1-V3)

Tue Dec 3 10:48:28 2013 +08:00
LENGTH : '142'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[4] 'grid'
CLIENT TERMINAL:[0] ''
STATUS:[1] '0'
DBID:[0] ''

::::::::::::::
/opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131215082834058875143795.aud
::::::::::::::
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131215082834058875143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 22
Unix process pid: 2803, image: oracle@oracle-one (TNS V1-V3)

Sun Dec 15 08:28:34 2013 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'

Sun Dec 15 08:29:06 2013 +08:00
LENGTH : '173'
ACTION :[19] 'ALTER DATABASE OPEN'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'

Sun Dec 15 08:29:40 2013 +08:00
LENGTH : '178'
ACTION :[24] 'select * from scott.emp '
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'

Sun Dec 15 08:29:53 2013 +08:00
LENGTH : '280'
ACTION :[125] 'select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat)'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'

::::::::::::::
/opt/app/oracle/admin/RHYS/adump/RHYS_ora_5216_20131129172703752803143795.aud
::::::::::::::
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_5216_20131129172703752803143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 28
Unix process pid: 5216, image: oracle@oracle-one (TNS V1-V3)

Fri Nov 29 17:27:03 2013 +08:00
LENGTH : '155'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[0] ''
STATUS:[1] '0'
DBID:[10] '2745192666'


SQL>
As you can see, every operation performed by this user is recorded.
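An added example (not from the original post): a Python parser for the OS audit file layout shown above. It reads each value by its bracketed length instead of by quote matching, then flags failed operations and SYSDBA/SYSOPER statements that touch the audit configuration or the stored trail. The sample records are constructed; treating STATUS '0' as success and the bracketed number as a character count are assumptions.

```python
import re

# One token = a record's timestamp line, or the start of a "NAME:[len] '" field.
TOKEN_RE = re.compile(
    r"^(?:(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4} [+-]\d\d:\d\d)[ \t]*$"
    r"|(?P<name>[A-Z][A-Z ]*?) ?:\[(?P<len>\d+)\] ')",
    re.M)
# Statements that change what is audited or touch the stored trail.
SENSITIVE_RE = re.compile(
    r"\b(?:aud\$|fga_log\$)|\bnoaudit\b|\baudit_(?:trail|sys_operations|file_dest)\b", re.I)

def parse_records(text):
    """Return one dict per audit record, reading each value by its [len] prefix."""
    records, pos = [], 0
    while (m := TOKEN_RE.search(text, pos)):
        if m.group("ts"):
            records.append({"TIMESTAMP": m.group("ts")})
            pos = m.end()
            continue
        start, n = m.end(), int(m.group("len"))
        if text[start + n:start + n + 1] != "'":
            raise ValueError(f"length prefix mismatch in field {m.group('name')!r}")
        if records:
            records[-1][m.group("name")] = text[start:start + n]
        pos = start + n + 1  # skip the value, so quotes/newlines inside it are inert
    return records

def review(records):
    """Flag failed operations and privileged statements aimed at the audit setup."""
    findings = []
    for r in records:
        action = r.get("ACTION", "")
        if r.get("STATUS", "0") != "0":  # assumption: '0' means success
            findings.append((r["TIMESTAMP"], "failed", action))
        elif r.get("PRIVILEGE") in ("SYSDBA", "SYSOPER") and SENSITIVE_RE.search(action):
            findings.append((r["TIMESTAMP"], "audit-config", action))
    return findings

# Constructed sample in the layout shown above (some fields trimmed for brevity).
SAMPLE = """\
Sun Dec 15 08:29:40 2013 +08:00
ACTION :[24] 'select * from scott.emp '
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
STATUS:[1] '0'

Sun Dec 15 08:31:02 2013 +08:00
ACTION :[20] 'select 'a'
from dual'
PRIVILEGE :[6] 'SYSDBA'
STATUS:[1] '0'

Sun Dec 15 08:32:10 2013 +08:00
ACTION :[19] 'truncate table aud$'
PRIVILEGE :[6] 'SYSDBA'
STATUS:[1] '0'
"""
if __name__ == "__main__":
    print(review(parse_records(SAMPLE)))
```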

SQL> r
1* select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat)

ADDR SPID SID
---------------- ------------------------ ----------
0000000084CBB6C8 2903 1

SQL> !more /opt/app/oracle/admin/RHYS/adump/*2903*
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_3971_20131205162200142903143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 30
Unix process pid: 3971, image: oracle@oracle-one (TNS V1-V3)

Thu Dec 5 16:22:00 2013 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/1'
STATUS:[1] '0'
DBID:[10] '2745484551'
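Note that other users' activity is not audited this way. For that we need to look at another parameter: audit_trail
This parameter accepts the following values:
AUDIT_TRAIL = { none | os | db [, extended] | xml [, extended] }
none: auditing is disabled
os: audit records are written to operating system files; this is what Oracle recommends
db: audit records are stored in the database, in sys.aud$
db,extended: audit records are stored in sys.aud$ and include the SQL text and SQL bind values
xml: audit records are written to operating system files in XML format
xml,extended: audit records are written to operating system files in XML format and include the SQL text and SQL bind values
This audit information can be viewed through dba_audit_trail and aud$.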
EG:
SQL> show parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
SQL> show user
USER is "SYS"
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;

no rows selected

SQL> audit select table,update table,delete table,insert table by scott by access;

Audit succeeded.

SQL> grant select on dba_audit_trail to scott
2 ;

Grant succeeded.

SQL> conn scott/root
Connected.

SQL> select * from dept;

DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON

SQL>
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;

OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT

SQL>
This time statement auditing was used; session auditing can also be used. http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_4007.htm#SQLRF53735
Statement auditing:


SQL> show parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
SQL>
SQL>
SQL> alter system set audit_trail=db,extended scope=spfile;

System altered.

SQL> startup force
ORACLE instance started.

Total System Global Area 626327552 bytes
Fixed Size 2255832 bytes
Variable Size 440402984 bytes
Database Buffers 180355072 bytes
Redo Buffers 3313664 bytes
Database mounted.
Database opened.
SQL> show parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB, EXTENDED
SQL>
SQL> conn scott/root
Connected.
SQL> select * from dept;

DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON

SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;

OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT

SQL> select * from dept where deptno=10;

DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK

SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;

OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept where deptn
o=10

oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT

SQL> var n:=10
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;

OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept where deptn #1(0):
o=(:n)

oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept where deptn
o=10

oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT

SQL>
The audit-related tables and views in the database can be listed as follows:
SQL> col object_name for a50
SQL> r
1* select object_name,object_type from dba_objects where object_name like '%AUDIT%' and object_type in ('TABLE','VIEW')

OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
AUDIT$ TABLE
STMT_AUDIT_OPTION_MAP TABLE
V_$XML_AUDIT_TRAIL VIEW
GV_$XML_AUDIT_TRAIL VIEW
AUDIT_ACTIONS TABLE
ALL_DEF_AUDIT_OPTS VIEW
USER_OBJ_AUDIT_OPTS VIEW
DBA_OBJ_AUDIT_OPTS VIEW
DBA_STMT_AUDIT_OPTS VIEW
DBA_PRIV_AUDIT_OPTS VIEW
DBA_AUDIT_TRAIL VIEW

OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
USER_AUDIT_TRAIL VIEW
DBA_AUDIT_SESSION VIEW
USER_AUDIT_SESSION VIEW
DBA_AUDIT_STATEMENT VIEW
USER_AUDIT_STATEMENT VIEW
DBA_AUDIT_OBJECT VIEW
USER_AUDIT_OBJECT VIEW
DBA_AUDIT_EXISTS VIEW
SM$AUDIT_CONFIG VIEW
DBA_AUDIT_POLICIES VIEW
DBA_AUDIT_POLICY_COLUMNS VIEW

OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
ALL_AUDIT_POLICIES VIEW
ALL_AUDIT_POLICY_COLUMNS VIEW
USER_AUDIT_POLICIES VIEW
USER_AUDIT_POLICY_COLUMNS VIEW
DBA_FGA_AUDIT_TRAIL VIEW
DBA_COMMON_AUDIT_TRAIL VIEW
DBA_AUDIT_MGMT_CONFIG_PARAMS VIEW
DBA_AUDIT_MGMT_LAST_ARCH_TS VIEW
DBA_AUDIT_MGMT_CLEANUP_JOBS VIEW
DBA_AUDIT_MGMT_CLEAN_EVENTS VIEW
REPCAT$_AUDIT_ATTRIBUTE TABLE

OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
DBA_REPAUDIT_ATTRIBUTE VIEW
ALL_REPAUDIT_ATTRIBUTE VIEW
USER_REPAUDIT_ATTRIBUTE VIEW
REPCAT$_AUDIT_COLUMN TABLE
DBA_REPAUDIT_COLUMN VIEW
ALL_REPAUDIT_COLUMN VIEW
USER_REPAUDIT_COLUMN VIEW
KU$_AUDIT_VIEW VIEW
KU$_10_1_AUDIT_VIEW VIEW
KU$_AUDIT_OBJ_BASE_VIEW VIEW
KU$_AUDIT_OBJ_VIEW VIEW

OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
KU$_AUDIT_DEFAULT_VIEW VIEW
KU$_PROC_AUDIT_VIEW VIEW
KU$_PROCOBJ_AUDIT_VIEW VIEW
KU$_PROCDEPOBJ_AUDIT_VIEW VIEW
MGMT_BCN_TXN_AUDIT TABLE
MGMT_AUDIT_MASTER TABLE
MGMT_AUDIT_DESTINATION TABLE
MGMT_AUDIT_LOGS TABLE
MGMT_AUDIT_CUSTOM_ATTRIBS TABLE
MGMT$ESA_AUDIT_SYSTEM_REPORT VIEW
MGMT$AUDIT_LOG VIEW

OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
WWV_FLOW_BUILDER_AUDIT_TRAIL TABLE
APEX_DEVELOPER_AUDIT_LOG VIEW

57 rows selected.

SQL>
audit sql_statement_clause [by user_name]|[by [session][access]] [whenever [not] successful]
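Audit a user's operations: by user_name
Audit a user's SQL: by access audits every statement, including repeated SQL
Audit a user's SQL: by session audits only per session, with repeated SQL de-duplicated
Audit whether the user's login succeeded or failed: whenever successful / whenever not successful
Query dba_stmt_audit_opts to see which users have statement auditing configured.
Privilege auditing:
audit privilege_name [by user_name]|[by [session][access]] [whenever [not] successful]
Query dba_priv_audit_opts to see which privilege audits are recorded for which users.
Object auditing:
audit schema_object_clause on schema by [access][session] [whenever [not] successful]
Query dba_obj_audit_opts to see which users have object auditing configured.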
eg:
SQL>
SQL> audit select,insert on scott.emp by session;

Audit succeeded.

SQL> truncate table aud$;

Table truncated.

SQL> select * from dba_obj_audit_opts;

OWNER OBJECT_NAME OBJECT_TYPE ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE CRE REA WRI FBK
------------------------------ -------------------------------------------------- ----------------------- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
SCOTT EMP TABLE -/- -/- -/- -/- -/- -/- S/S -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-

SQL>
SQL>
SQL>
SQL> noaudit select,insert on scott.emp;

Noaudit succeeded.

SQL> select * from dba_obj_audit_opts;

no rows selected

SQL>
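Use noaudit to cancel auditing.
eg:
noaudit select table,insert table,delete table,update table by scott;
noaudit all privileges by scott;
Fine-grained auditing (FGA) was introduced in 9i. It makes auditing more precise, down to individual columns and rows. It is implemented through the dbms_fga package, and its records are stored in fga_log$.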
http://docs.oracle.com/cd/E11882_01/appdev.112/e40758/d_fga.htm#i1001938

SQL> desc dbms_fga
PROCEDURE ADD_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
AUDIT_CONDITION VARCHAR2 IN DEFAULT
AUDIT_COLUMN VARCHAR2 IN DEFAULT
HANDLER_SCHEMA VARCHAR2 IN DEFAULT
HANDLER_MODULE VARCHAR2 IN DEFAULT
ENABLE BOOLEAN IN DEFAULT
STATEMENT_TYPES VARCHAR2 IN DEFAULT
AUDIT_TRAIL BINARY_INTEGER IN DEFAULT
AUDIT_COLUMN_OPTS BINARY_INTEGER IN DEFAULT
POLICY_OWNER VARCHAR2 IN DEFAULT
PROCEDURE DISABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE DROP_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE ENABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
ENABLE BOOLEAN IN DEFAULT

SQL>
eg:

SQL> BEGIN
2 DBMS_FGA.ADD_POLICY(
3 OBJECT_SCHEMA=>'SCOTT',
4 OBJECT_NAME=>'DEPT',
5 POLICY_NAME=>'EMP_AUDIT',
6 AUDIT_COLUMN=>'DEPTNO',
7 STATEMENT_TYPES=>'UPDATE');
8 END;
9 /

PL/SQL procedure successfully completed.

SQL>
SQL> CONN SCOTT/root
Connected.
SQL> select * from dept;

DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON

SQL> update dept set deptno=50 where deptno=40;

1 row updated.
SQL> select sql_text from dba_fga_audit_trail;

SQL_TEXT
------------------------------
update dept set deptno=50 wher
e deptno=40


SQL>
SQL>
FGA records can be viewed through dba_fga_audit_trail, and policy information through dba_audit_policies:
SQL> begin
2 dbms_fga.disable_policy(
3 object_schema=>'SCOTT',
4 object_name=>'DEPT',
5 policy_name=>'EMP_AUDIT');
6 END;
7
8 /

PL/SQL procedure successfully completed.

SQL> SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME,ENABLED FROM DBA_AUDIT_POLICIES;

OBJECT_SCHEMA OBJECT_NAME POLICY_OWNER POLICY_NAME ENA
------------------------------ -------------------------------------------------- ------------------------------ ------------------------------ ---
SCOTT DEPT SYS EMP_AUDIT NO

SQL> BEGIN
2 DBMS_FGA.ENABLE_POLICY(
3 object_schema=>'SCOTT',
4 object_name=>'DEPT',
5 policy_name=>'EMP_AUDIT');
6 END;
7 /

PL/SQL procedure successfully completed.

SQL> SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME,POLICY_COLUMN,ENABLED FROM DBA_AUDIT_POLICIES;

OBJECT_SCHEMA OBJECT_NAME POLICY_OWNER POLICY_NAME POLICY_COLUMN ENA
------------------------------ -------------------------------------------------- ------------------------------ ------------------------------ ------------------------------ ---
SCOTT DEPT SYS EMP_AUDIT DEPTNO YES

SQL>

SQL> BEGIN
2 DBMS_FGA.DROP_POLICY(
3 object_schema=>'SCOTT',
4 object_name=>'DEPT',
5 policy_name=>'EMP_AUDIT');
6 END;
7 /

PL/SQL procedure successfully completed.

SQL> COL OBJECT_NAME FOR A20
SQL> SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME,POLICY_COLUMN,ENABLED FROM DBA_AUDIT_POLICIES;

no rows selected

SQL>

In addition, when audit_trail is set to os, logging must be configured at the operating system level. Reference: http://docs.oracle.com/cd/E11882_01/server.112/e40402/initparams016.htm#REFRN10263

That's all;

