Difference between revisions of "Auditing"
From dbawiki
(→Manage the audit trail (12c)) |
(→Show the audit trail (12c)) |
||
| Line 1: | Line 1: | ||
===Show the audit trail (12c)=== | ===Show the audit trail (12c)=== | ||
<pre> | <pre> | ||
| + | set lines 2000 | ||
| + | col dbusername for a32 | ||
| + | col event_timestamp for a23 | ||
| + | col sql_text for a200 | ||
| + | |||
select dbusername | select dbusername | ||
, event_timestamp | , event_timestamp | ||
| Line 6: | Line 11: | ||
from unified_audit_trail | from unified_audit_trail | ||
</pre> | </pre> | ||
| + | |||
===12c auditing is protected=== | ===12c auditing is protected=== | ||
The Unified Audit Trail is well protected. Not even SYS can mess with it. | The Unified Audit Trail is well protected. Not even SYS can mess with it. | ||
Revision as of 17:35, 6 February 2015
Contents
Show the audit trail (12c)
set lines 2000 col dbusername for a32 col event_timestamp for a23 col sql_text for a200 select dbusername , event_timestamp , sql_text from unified_audit_trail
12c auditing is protected
The Unified Audit Trail is well protected. Not even SYS can mess with it.
select table_name from dba_tables where owner='AUDSYS';
TABLE_NAME
--------------------------------------------------------------------------------------------------------------------------------
CLI_SWP$4f81f886$1$1
SYS@RMANV12> truncate table audsys."CLI_SWP$4f81f886$1$1";
truncate table audsys."CLI_SWP$4f81f886$1$1"
*
ERROR at line 1:
ORA-55941: DML and DDL operations are not allowed on table "AUDSYS"."CLI_SWP$4f81f886$1$1"
SYS@RMANV12> drop user audsys cascade;
drop user audsys cascade
*
ERROR at line 1:
ORA-28050: specified user or role cannot be dropped
Manage the audit trail (12c)
The only way to work with the audit trail is with the DBMS_AUDIT_MGMT package.
Before the audit trail can be purged, you must initialise it. This is a one-off execution of the init_cleanup procedure.
SYS@RMANV12> BEGIN
DBMS_AUDIT_MGMT.init_cleanup(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
default_cleanup_interval => 12 /* hours */);
END;
/
PL/SQL procedure successfully completed.
Check whether audit trail cleanup has been initialised
SET SERVEROUTPUT ON
BEGIN
IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
DBMS_OUTPUT.put_line('YES');
ELSE
DBMS_OUTPUT.put_line('NO');
END IF;
END;
/
Check audit settings
SELECT * FROM dba_audit_mgmt_config_params; <pre> ===When was audit trail last purged?==== <pre> COLUMN audit_trail FORMAT A20 COLUMN last_archive_ts FORMAT A40 SELECT * FROM dba_audit_mgmt_last_arch_ts; no rows selected
Set a date to purge to
Setup to purge anything older than 90 days before today
BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP-90);
END;
/
Recheck
COLUMN audit_trail FORMAT A20 COLUMN last_archive_ts FORMAT A40 SELECT * FROM dba_audit_mgmt_last_arch_ts; AUDIT_TRAIL RAC_INSTANCE LAST_ARCHIVE_TS -------------------- ------------ ---------------------------------------- STANDARD AUDIT TRAIL 0 08-NOV-14 06.24.44.000000 PM +00:00
