Oracle 9i Audit

The role of audit 1. Review of suspicious activities 2. Monitor and collect data about the specified database activity Types of audits 1. Statement Auditing (STATEMENT auditing) 2. Authority Audit (Privilege auditing) 3. Objects auditing (object auditing) Information on audits The audit information recorded in the Aud$ table includes. SESSIONID: The numeric ID of the session. ENTRYID: ID of the audit information item. STATEMENT: The numeric ID of each command executed. timestap#: Date and time when the design information was generated. USERID: The Oracle User ID used by the audited user. Userhost: The digital ID of the database routine used by the audited user. TERMINAL: The operating system terminal descriptor of the audited user. action#: Identification of the audited operation. ReturnCode: The return code of each audited command, if 0, indicates a successful operation. Obj$creator: The creator of an object that is affected by an operation (auditing of operations). Obj$name: The name of the object that is affected by an operation (auditing of operations). Auth$privileges: System permissions to use. Auth$grantee: Object permissions to use. New$owner: The owner of the object named in the column new_name. New$name: The name of the object named in the column new_name. Ses$actions: A string of session summaries that record the success and failure information for different operations. Ses$tid: The transaction ID of the session. Logoff$lread: The number of logical reads performed in a session. Logoff$pread: The number of physical reads performed in the session. Logoff$lwrite: The number of logical writes performed in a session. Logoff$dead: Number of deadlocks detected in the session. Logoff$time: Date and time when the user exited the system. Comment$text: A textual annotation of the design information item. CLIENTID: Client ID. SPARE1: Spare. SPARE2: Spare. Obj$label: The label associated with the object. Ses$label: The label associated with the session. Priv$used: System permissions to perform operations. SESSIONCPU: CPU time occupied by the session. Commencement of audits The "All Parameters" tab of the Edit database configuration, as shown in Figure 8.34. Examples of audits (1) with the system user Login "Sqlplus worksheet", execute the following SQL code, the results are as shown in Figure 8.35. ――――――――――――――――――――――――――――――――――――― AUDIT session; ――――――――――――――――――――――――――――――――――――― "See CD-ROM File": 8th Chapter \auditsession.sql. (2) to log into another "Sqlplus worksheet" by Scott user. (3) Query the contents of the aud$ table, the main audit information is as follows. ――――――――――――――――――――――――――――――――――――― sessionid:518 Entri\yid:1 Statement:1 timestamp#:13-February -2003 11:28:24 AM Userid:scott Terminal:mynetserver action#:100 returncode:0 Comment$text:authenticated by:database; Client Address: Address= (PROTOCOL=TCP) (host=128.0.0.1) (port=1088)) Spare1:mynetserver\administrator Priv$used:5 ―――――――――――――――――――――――――――――――――――――