References:
http://db-crack.blogspot.com/2008/04/oracle-audit.html
http://hi.baidu.com/kangkangpig/blog/item/89bcea8872265b92a5c2727d.html
http://space.itpub.net/23071790/viewspace-703141
http://bbs.gimoo.net/thread/89373-1.html
http://blog.csdn.net/newhappy2008/article/details/5383284
Summary:
Oracle audit records can be stored in two ways:
either in an OS file, or in a system table: SYS.AUD$
- Default audit: whether or not auditing is enabled, the DB writes the following operations to the OS audit file:
  connect as sysdba, connect as sysoper, startup, shutdown.
- AUDIT_SYS_OPERATIONS=TRUE: whether or not auditing is enabled, the operations of sysdba and sysoper are recorded to the OS audit file.
- AUDIT_TRAIL=
DB: records are stored in SYS.AUD$.
OS: records are stored in an OS file.
NONE: auditing is turned off (default).
- AUDIT_FILE_DEST=$ORACLE_HOME/rdbms/audit (default)
Sample:
AUDIT SESSION ; ( all session )
AUDIT SESSION by username1,username2... ; ( session by user )
...
NOAUDIT SESSION;
- parameter :
audit_file_dest string /opt/oracle/product/10.1.0/db_1/rdbms/audit
audit_sys_operations boolean FALSE
audit_trail string NONE
check dest1 : $ORACLE_HOME/dbs file : c-3907817878-yyyymmdd-00 ...
check dest2 : $ORACLE_HOME/rdbms/audit file : ora_17344.aud ...
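The settings and AUDIT statements above put together as one SQL*Plus session, followed by a review query for failed logons. This is an added example, not from the original notes; it assumes a SYSDBA connection, an instance started from an spfile, and a 7-day review window chosen for illustration.

```sql
-- Added example (not from the original notes).
-- Assumption: SQL*Plus session connected AS SYSDBA, instance uses an spfile.

-- 1. Show the three parameters listed in the notes.
SHOW PARAMETER audit

-- 2. AUDIT_TRAIL and AUDIT_SYS_OPERATIONS are static parameters:
--    change them in the spfile, then restart the instance.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
SHUTDOWN IMMEDIATE
STARTUP

-- 3. Audit logon/logoff for every user.
AUDIT SESSION;

-- 4. Confirm which statement audit options are now active.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts;

-- 5. Review failed logons recorded in SYS.AUD$ (via DBA_AUDIT_SESSION).
--    RETURNCODE is the ORA- error number: 0 = success,
--    1017 = invalid username/password, 28000 = account locked.
--    The 7-day window is an assumption for this example.
SELECT os_username, username, userhost, terminal,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS logon_time,
       returncode
FROM   dba_audit_session
WHERE  action_name = 'LOGON'
AND    returncode <> 0
AND    timestamp > SYSDATE - 7
ORDER  BY timestamp;

-- 6. Stop session auditing when it is no longer needed.
NOAUDIT SESSION;
```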
Scheduled deletion on UNIX:
find $ORACLE_HOME/dbs -mtime +365 -name "c-3907817878-*" -print | xargs -l rm -f
# listener.log
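Default dest :
# capture the log directory in a variable ("| read lisdir" loses the value in bash)
lisdir=$(lsnrctl show log_directory | grep "log_directory" | awk '{print $6}')
lsnrctl set log_status off
# rename the current log with a date suffix
mv "$lisdir/listener.log" "$lisdir/listener.log_$(date +%Y%m%d)"
lsnrctl set log_status on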