审计可以记录ORACLE的各种操作,比如谁访问了或者删除表数据等。
sql> conn /as sysdba
sql> show parameter auditNAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/ORCL/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
sql> alter system set audit_sys_operations=TRUE scope=spfile; --审计管理用户(以sysdba/sysoper角色登陆)
sql> alter system set audit_trail=db,extended scope=spfile;
sql> startup force;
sql> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/ORCL/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB,EXTENDED
AUDIT DELETE ANY TABLE BY ACCESS WHENEVER SUCCESSFUL; --只审计删除成功的情况
AUDIT TABLE BY ACCESS WHENEVER SUCCESSFUL; --CREATE,DROP,TRUNCATE
--审计信息
SELECT * FROM SYS.AUD$;
SELECT * FROM SYS.DBA_AUDIT_TRAIL;