首先确保Oracle初始化参数audit_trail值为DB或OS,通过“show parameter audit_trail;”查看。
1 语句审计
audit table by test by access;
select * from dba_stmt_audit_opts; –查看是否创建语句审计成功
select * from employee_log;
delete from employee_log where l_date =‘2018-09-27 16:15:43‘;
select * from dba_audit_trail; –查看审计记录
2 对象审计
audit delete on test.employee_log by access;
select * from dba_obj_audit_opts; –查看是否创建对象审计成功
select * from employee_log;
delete from employee_log where l_date =‘2018-09-27 16:15:43‘;
select * from dba_audit_trail; –查看审计记录
3 权限审计
audit select any table;–创建权限审计
–确保当前用户有select any table系统权限
select * from dba_priv_audit_opts;–查看是否创建权限审计成功
select * from employee_log;
select * from dba_audit_trail; —查看审计记录
4 精细审计
begin
dbms_fga.add_policy(
object_schema=>‘test‘,
object_name=>‘employee_log‘,
policy_name=>‘fga_test‘,
audit_column=>‘l_date‘,
enable=>true,
statement_types=>‘select‘
);
end; —创建精细审计
select * from dba_audit_policies; –查看是否创建精细审计成功
select * from employee_log where l_date =‘2018-09-27 16:15:43‘;
select * from dba_fga_audit_trail;–查看精细审计记录
select * from employee_log;
select * from dba_fga_audit_trail;