1.打開數據庫的審計

alter system set audit_sys_operations=TRUE scope=spfile;  //審計管理用戶
alter system set audit_trail=db,extended scope=spfile;  //將sql語句寫入審計表中

2.對數據庫重啟並查看

重啟數據庫
shutdown immediate;
startup;
show parameter audit;

3.增加審計策略
我們需要對數據庫的caiwu用戶的所有操作進行審計

// 審計用戶caiwu所有成功的操作
audit all by caiwu by access whenever successful;
 

或者

//針對用戶的審計(未執行成功的也審計)
audit select table by caiwu by access;     //查表審計
audit update table by caiwu by access;   //更新審計
audit delete table by caiwu by access;    //刪除審計
audit insert table by caiwu by access;     //插入審計

//針對某表的更新、刪除審計(錯誤也審計)
AUDIT UPDATE,DELETE,INSERT ON T_TEST by access;  

//保護審計
audit all on sys.aud$ by access；
 

4.取消審計

NOAUDIT UPDATE,DELETE,INSERT ON T_TEST by access;  

5.查詢審計結果

select OS_USERNAME,username,USERHOST,TERMINAL,TIMESTAMP,OWNER,obj_name,ACTION_NAME,sessionid,os_process,sql_text from dba_audit_trail;

6.將審計表查詢開放給某個用戶
grant select on dba_audit_trail to caiwu;

7.清空審計記錄
DELETE FROM SYS.AUD$;

Oracle數據庫SQL審計