Difference between revisions of "Auditing"
From dbawiki
m (→12c auditing is protected) |
(→Manage the audit trail (12c)) |
||
| Line 29: | Line 29: | ||
</pre> | </pre> | ||
===Manage the audit trail (12c)=== | ===Manage the audit trail (12c)=== | ||
| − | The only way to work with the audit trail is with the DBMS_AUDIT_MGMT package. | + | The only way to work with the audit trail is with the DBMS_AUDIT_MGMT package.<br /> |
| + | Before the audit trail can be purged, you must initialise it. This is a one-off execution of the init_cleanup procedure. | ||
| + | <pre> | ||
| + | SYS@RMANV12> BEGIN | ||
| + | DBMS_AUDIT_MGMT.init_cleanup( | ||
| + | audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL, | ||
| + | default_cleanup_interval => 12 /* hours */); | ||
| + | END; | ||
| + | / | ||
| + | |||
| + | PL/SQL procedure successfully completed. | ||
| + | </pre> | ||
| + | ===Check whether audit trail cleanup has been initialised=== | ||
| + | <pre> | ||
| + | SET SERVEROUTPUT ON | ||
| + | BEGIN | ||
| + | IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN | ||
| + | DBMS_OUTPUT.put_line('YES'); | ||
| + | ELSE | ||
| + | DBMS_OUTPUT.put_line('NO'); | ||
| + | END IF; | ||
| + | END; | ||
| + | / | ||
| + | </pre> | ||
| + | ====Check audit settings==== | ||
| + | <pre> | ||
| + | SELECT * FROM dba_audit_mgmt_config_params; | ||
| + | <pre> | ||
| + | ===When was audit trail last purged?==== | ||
| + | <pre> | ||
| + | COLUMN audit_trail FORMAT A20 | ||
| + | COLUMN last_archive_ts FORMAT A40 | ||
| + | |||
| + | SELECT * FROM dba_audit_mgmt_last_arch_ts; | ||
| + | |||
| + | no rows selected | ||
| + | |||
| + | </pre> | ||
| + | ====Set a date to purge to==== | ||
| + | Setup to purge anything older than 90 days before today | ||
| + | <pre> | ||
| + | BEGIN | ||
| + | DBMS_AUDIT_MGMT.set_last_archive_timestamp( | ||
| + | audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, | ||
| + | last_archive_time => SYSTIMESTAMP-90); | ||
| + | END; | ||
| + | / | ||
| + | </pre> | ||
| + | ====Recheck==== | ||
| + | <pre> | ||
| + | COLUMN audit_trail FORMAT A20 | ||
| + | COLUMN last_archive_ts FORMAT A40 | ||
| + | |||
| + | SELECT * FROM dba_audit_mgmt_last_arch_ts; | ||
| + | |||
| + | AUDIT_TRAIL RAC_INSTANCE LAST_ARCHIVE_TS | ||
| + | -------------------- ------------ ---------------------------------------- | ||
| + | STANDARD AUDIT TRAIL 0 08-NOV-14 06.24.44.000000 PM +00:00 | ||
| + | </pre> | ||
Revision as of 17:29, 6 February 2015
Contents
Show the audit trail (12c)
select dbusername , event_timestamp , sql_text from unified_audit_trail
12c auditing is protected
The Unified Audit Trail is well protected. Not even SYS can mess with it.
select table_name from dba_tables where owner='AUDSYS';
TABLE_NAME
--------------------------------------------------------------------------------------------------------------------------------
CLI_SWP$4f81f886$1$1
SYS@RMANV12> truncate table audsys."CLI_SWP$4f81f886$1$1";
truncate table audsys."CLI_SWP$4f81f886$1$1"
*
ERROR at line 1:
ORA-55941: DML and DDL operations are not allowed on table "AUDSYS"."CLI_SWP$4f81f886$1$1"
SYS@RMANV12> drop user audsys cascade;
drop user audsys cascade
*
ERROR at line 1:
ORA-28050: specified user or role cannot be dropped
Manage the audit trail (12c)
The only way to work with the audit trail is with the DBMS_AUDIT_MGMT package.
Before the audit trail can be purged, you must initialise it. This is a one-off execution of the init_cleanup procedure.
SYS@RMANV12> BEGIN
DBMS_AUDIT_MGMT.init_cleanup(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
default_cleanup_interval => 12 /* hours */);
END;
/
PL/SQL procedure successfully completed.
Check whether audit trail cleanup has been initialised
SET SERVEROUTPUT ON
BEGIN
IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
DBMS_OUTPUT.put_line('YES');
ELSE
DBMS_OUTPUT.put_line('NO');
END IF;
END;
/
Check audit settings
SELECT * FROM dba_audit_mgmt_config_params; <pre> ===When was audit trail last purged?==== <pre> COLUMN audit_trail FORMAT A20 COLUMN last_archive_ts FORMAT A40 SELECT * FROM dba_audit_mgmt_last_arch_ts; no rows selected
Set a date to purge to
Setup to purge anything older than 90 days before today
BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP-90);
END;
/
Recheck
COLUMN audit_trail FORMAT A20 COLUMN last_archive_ts FORMAT A40 SELECT * FROM dba_audit_mgmt_last_arch_ts; AUDIT_TRAIL RAC_INSTANCE LAST_ARCHIVE_TS -------------------- ------------ ---------------------------------------- STANDARD AUDIT TRAIL 0 08-NOV-14 06.24.44.000000 PM +00:00
