【注:参考了maclean的网文】
11g默认审计选项AUDIT_TRAIL参数的缺省值为DB,审计数据记录在数据库中的AUD$审计字典基表上。在11g中CREATE SESSION将被作为受审计的权限来被记录,因此当SYSTEM表空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用SYSDBA身份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干脆TRUNCATE AUD$都可以解决上述问题。
当AUDIT_TRAIL设置为OS时,审计记录文件将在AUDIT_FILE_DEST参数所指定的目录中生成。全部这些文件均可以随时被删除或复制。
以下权限将对所有用户审计:
SQL> select privilege,success,failure from dba_priv_audit_opts; PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- CREATE EXTERNAL JOB BY ACCESS BY ACCESS CREATE ANY JOB BY ACCESS BY ACCESS GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS EXEMPT ACCESS POLICY BY ACCESS BY ACCESS CREATE ANY LIBRARY BY ACCESS BY ACCESS GRANT ANY PRIVILEGE BY ACCESS BY ACCESS DROP PROFILE BY ACCESS BY ACCESS ALTER PROFILE BY ACCESS BY ACCESS DROP ANY PROCEDURE BY ACCESS BY ACCESS ALTER ANY PROCEDURE BY ACCESS BY ACCESS CREATE ANY PROCEDURE BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER DATABASE BY ACCESS BY ACCESS GRANT ANY ROLE BY ACCESS BY ACCESS CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS DROP ANY TABLE BY ACCESS BY ACCESS ALTER ANY TABLE BY ACCESS BY ACCESS CREATE ANY TABLE BY ACCESS BY ACCESS DROP USER BY ACCESS BY ACCESS ALTER USER BY ACCESS BY ACCESS CREATE USER BY ACCESS BY ACCESS CREATE SESSION BY ACCESS BY ACCESS AUDIT SYSTEM BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER SYSTEM BY ACCESS BY ACCESS 23 rows selected.
以下语句也将对所有用户审计:
SQL> select audit_option,success,failure from dba_stmt_audit_opts; AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER SYSTEM BY ACCESS BY ACCESS SYSTEM AUDIT BY ACCESS BY ACCESS CREATE SESSION BY ACCESS BY ACCESS CREATE USER BY ACCESS BY ACCESS ALTER USER BY ACCESS BY ACCESS DROP USER BY ACCESS BY ACCESS PUBLIC SYNONYM BY ACCESS BY ACCESS DATABASE LINK BY ACCESS BY ACCESS ROLE BY ACCESS BY ACCESS PROFILE BY ACCESS BY ACCESS DIRECTORY BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- CREATE ANY TABLE BY ACCESS BY ACCESS ALTER ANY TABLE BY ACCESS BY ACCESS DROP ANY TABLE BY ACCESS BY ACCESS CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS GRANT ANY ROLE BY ACCESS BY ACCESS SYSTEM GRANT BY ACCESS BY ACCESS ALTER DATABASE BY ACCESS BY ACCESS CREATE ANY PROCEDURE BY ACCESS BY ACCESS ALTER ANY PROCEDURE BY ACCESS BY ACCESS DROP ANY PROCEDURE BY ACCESS BY ACCESS ALTER PROFILE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- DROP PROFILE BY ACCESS BY ACCESS GRANT ANY PRIVILEGE BY ACCESS BY ACCESS CREATE ANY LIBRARY BY ACCESS BY ACCESS EXEMPT ACCESS POLICY BY ACCESS BY ACCESS GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS CREATE ANY JOB BY ACCESS BY ACCESS CREATE EXTERNAL JOB BY ACCESS BY ACCESS 29 rows selected.
当前数据库中的现有的审计记录:
SQL> select action_name,count(*) from dba_audit_trail group by action_name; ACTION_NAME COUNT(*) ---------------------------- ---------- LOGOFF BY CLEANUP 64 LOGON 2965 LOGOFF 2822 DROP DIRECTORY 1 GRANT ROLE 2 CREATE ROLE 1 ALTER USER 1 CREATE DIRECTORY 13 CREATE DATABASE LINK 1 DROP ROLE 1 10 rows selected.