Auditing

From dbawiki
Revision as of 17:35, 6 February 2015 by Stuart (talk | contribs) (Show the audit trail (12c))
Jump to: navigation, search

Show the audit trail (12c)

set lines 2000
col dbusername      for a32
col event_timestamp for a23
col sql_text        for a200

select dbusername
,      event_timestamp
,      sql_text
from   unified_audit_trail

12c auditing is protected

The Unified Audit Trail is well protected. Not even SYS can mess with it. 

select table_name from dba_tables where owner='AUDSYS';

TABLE_NAME
--------------------------------------------------------------------------------------------------------------------------------
CLI_SWP$4f81f886$1$1


SYS@RMANV12> truncate table audsys."CLI_SWP$4f81f886$1$1";
truncate table audsys."CLI_SWP$4f81f886$1$1"
                      *
ERROR at line 1:
ORA-55941: DML and DDL operations are not allowed on table "AUDSYS"."CLI_SWP$4f81f886$1$1"

SYS@RMANV12> drop user audsys cascade;
drop user audsys cascade
*
ERROR at line 1:
ORA-28050: specified user or role cannot be dropped

Manage the audit trail (12c)

The only way to work with the audit trail is with the DBMS_AUDIT_MGMT package.
Before the audit trail can be purged, you must initialise it. This is a one-off execution of the init_cleanup procedure. 

SYS@RMANV12> BEGIN
    DBMS_AUDIT_MGMT.init_cleanup(
    audit_trail_type         => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
    default_cleanup_interval => 12 /* hours */);
END;
/

PL/SQL procedure successfully completed.

Check whether audit trail cleanup has been initialised

SET SERVEROUTPUT ON
BEGIN
  IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
    DBMS_OUTPUT.put_line('YES');
  ELSE
    DBMS_OUTPUT.put_line('NO');
  END IF;
END;
/

Check audit settings

SELECT * FROM dba_audit_mgmt_config_params;
<pre>
===When was audit trail last purged?====
<pre>
COLUMN audit_trail FORMAT A20
COLUMN last_archive_ts FORMAT A40

SELECT * FROM dba_audit_mgmt_last_arch_ts;

no rows selected

Set a date to purge to

Setup to purge anything older than 90 days before today 

BEGIN
  DBMS_AUDIT_MGMT.set_last_archive_timestamp(
    audit_trail_type  => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    last_archive_time => SYSTIMESTAMP-90);
END;
/

Recheck

COLUMN audit_trail FORMAT A20
COLUMN last_archive_ts FORMAT A40

SELECT * FROM dba_audit_mgmt_last_arch_ts;

AUDIT_TRAIL          RAC_INSTANCE LAST_ARCHIVE_TS
-------------------- ------------ ----------------------------------------
STANDARD AUDIT TRAIL            0 08-NOV-14 06.24.44.000000 PM +00:00
Retrieved from "https://mailnest.com/dbawiki/index.php?title=Auditing&oldid=1795"