About Oracle 11g audit files
2015-04-28 16:54
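About auditing:
Auditing is enabled by default in 11g: the AUDIT_TRAIL parameter defaults to DB, which means audit records are written to the SYS.AUD$ audit dictionary base table in the database. In Oracle 10g the default was none, i.e. auditing was not enabled. Oracle states that the default audit logging will not have an excessive negative performance impact on the vast majority of production databases, and Oracle also recommends OS file-based audit logging (OS audit trail files).
Because CREATE SESSION is recorded as an audited privilege in 11g, when the SYSTEM tablespace cannot extend for lack of disk space these audit records cannot be written, and as a result ordinary users cannot create new sessions and cannot log in to the database. In this situation a user connecting as SYSDBA can still create a session; deleting part of the records after suitably backing up the audit data, or running TRUNCATE on AUD$, resolves the problem.
When AUDIT_TRAIL is set to OS, audit record files are written to the directory specified by the AUDIT_FILE_DEST parameter. All of these files can be deleted or copied at any time.
The following privileges are audited for all users:
SQL> select privilege, success, failure from dba_priv_audit_opts;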
PRIVILEGE                                SUCCESS    FAILURE
---------------------------------------- ---------- ----------
CREATE EXTERNAL JOB                      BY ACCESS  BY ACCESS
CREATE ANY JOB                           BY ACCESS  BY ACCESS
GRANT ANY OBJECT PRIVILEGE               BY ACCESS  BY ACCESS
EXEMPT ACCESS POLICY                     BY ACCESS  BY ACCESS
CREATE ANY LIBRARY                       BY ACCESS  BY ACCESS
GRANT ANY PRIVILEGE                      BY ACCESS  BY ACCESS
DROP PROFILE                             BY ACCESS  BY ACCESS
ALTER PROFILE                            BY ACCESS  BY ACCESS
DROP ANY PROCEDURE                       BY ACCESS  BY ACCESS
ALTER ANY PROCEDURE                      BY ACCESS  BY ACCESS
CREATE ANY PROCEDURE                     BY ACCESS  BY ACCESS
ALTER DATABASE                           BY ACCESS  BY ACCESS
GRANT ANY ROLE                           BY ACCESS  BY ACCESS
CREATE PUBLIC DATABASE LINK              BY ACCESS  BY ACCESS
DROP ANY TABLE                           BY ACCESS  BY ACCESS
ALTER ANY TABLE                          BY ACCESS  BY ACCESS
CREATE ANY TABLE                         BY ACCESS  BY ACCESS
DROP USER                                BY ACCESS  BY ACCESS
ALTER USER                               BY ACCESS  BY ACCESS
CREATE USER                              BY ACCESS  BY ACCESS
CREATE SESSION                           BY ACCESS  BY ACCESS
AUDIT SYSTEM                             BY ACCESS  BY ACCESS
ALTER SYSTEM                             BY ACCESS  BY ACCESS
23 rows selected.
Audit records currently in the database; the LOGON/LOGOFF entries are produced by auditing create session:
SQL> select action_name, count(*) from dba_audit_trail group by action_name;
ACTION_NAME                    COUNT(*)
---------------------------- ----------
LOGOFF BY CLEANUP                    40
LOGON                               460
LOGOFF                              377
ALTER USER                            2
SYSTEM GRANT                         12
ALTER SYSTEM                         10
CREATE PUBLIC SYNONYM                 5
ALTER DATABASE                        2
CREATE DATABASE LINK                  1
DROP PUBLIC SYNONYM                   5
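SYSTEM tablespace too large on 96.216:
On 96.216, LOGON and LOGOFF each account for more than 200 million records, which makes the aud$ table 80G in size.
Solutions:
1. When the aud$ table is too large, the audit data in the table can be cleared:
SQL> truncate table sys.aud$;
2. Auditing of create session can be turned off:
SQL> noaudit create session;
3. Turn off database auditing; this requires a database restart:
SQL> alter system set audit_trail=none scope=spfile;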
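The partial cleanup mentioned earlier (back up the audit data, then delete part of the records), written out as an added example that is not from the original post. The archive schema AUDIT_ADMIN, the tablespace AUDIT_ARCH and the 90-day retention are assumptions; the script is meant to be run as SYSDBA.

```sql
-- Added example. Hypothetical names: schema AUDIT_ADMIN, tablespace AUDIT_ARCH.
-- Assumed retention: 90 days. Run as SYSDBA.

-- 1. How large is SYS.AUD$ and which tablespace holds it?
select segment_name, tablespace_name, round(bytes / 1024 / 1024) as size_mb
  from dba_segments
 where owner = 'SYS'
   and segment_name = 'AUD$';

-- 2. Which actions account for the rows?
select action_name, count(*) as cnt
  from dba_audit_trail
 group by action_name
 order by cnt desc;

-- 3. One-time setup: empty archive table with the same columns as AUD$,
--    stored outside the SYSTEM tablespace.
create table audit_admin.aud_archive
  tablespace audit_arch
  as select * from sys.aud$ where 1 = 0;

-- 4. Copy rows older than the cutoff to the archive, then delete the same
--    rows from AUD$. NTIMESTAMP# is stored in UTC, so the cutoff is too.
--    Both statements commit together; an unhandled error rolls both back.
declare
  v_cutoff timestamp := sys_extract_utc(systimestamp) - interval '90' day;
begin
  insert into audit_admin.aud_archive
    select * from sys.aud$ where ntimestamp# < v_cutoff;

  delete from sys.aud$ where ntimestamp# < v_cutoff;

  commit;
end;
/

-- 5. Confirm what remains and that CREATE SESSION is still audited.
select min(ntimestamp#) as oldest_row, count(*) as rows_left from sys.aud$;

select privilege, success, failure
  from dba_priv_audit_opts
 where privilege = 'CREATE SESSION';
```

DELETE does not lower the segment's high-water mark, so size_mb in step 1 stays the same afterwards; the freed blocks are reused by new audit rows instead of forcing SYSTEM to extend.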