Role of Audit
1. Review suspicious activities
2. monitor and collect data about specified database activities
Audit type
1. STATEMENT Audit statement auditing)
2. Permission Audit privilege auditing)
3. OBJECT audit object auditing)
Audit information
The audit information recorded in the AUD $ table includes.
SESSIONID: The Number ID of the session.
ENTRYID: the ID of the audit information item.
STATEMENT: The Number ID of each executed command.
TIMESTAP #: date and time when the design information is generated.
USERID: The Oracle user ID used by the audited user.
USERHOST: The digital ID of the Data Warehouse routine used by the user to be audited.
TERMINAL: the operating system TERMINAL description of the user to be audited.
ACTION #: The identifier of the ACTION to be audited.
RETURNCODE: return code after each audited command is executed. If it is 0, the operation is successful.
OBJ $ CREATOR: the CREATOR of an object affected by an operation audits the operation ).
OBJ $ NAME: the NAME of the object affected by an operation audits the operation ).
AUTH $ PRIVILEGES: The system permission used.
AUTH $ GRANTEE: the object permission used.
NEW $ OWNER: OWNER of the object named in column NEW_NAME.
NEW $ NAME: NAME of the object named in column NEW_NAME.
SES $ ACTIONS: the string of the Session Summary, which records the Success and Failure Information of different operations.
SES $ TID: the transaction ID of the session.
LOGOFF $ LREAD: Number of logical reads executed in a session.
LOGOFF $ PREAD: Number of physical reads executed in a session.
LOGOFF $ LWRITE: Number of logical writes executed in a session.
LOGOFF $ DEAD: Number of deadlocks detected in a session.
LOGOFF $ TIME: the date and TIME when the user exits the system.
COMMENT $ TEXT: text comment on design information items.
CLIENTID: Client ID.
SPARE1: standby.
SPARE2: standby.
OBJ $ LABEL: the LABEL associated with the object.
SES $ LABEL: the LABEL associated with the session.
PRIV $ USED: the system permission to perform the operation.
SESSIONCPU: the CPU time used by the session.
Launch of Audit
8.34. Edit all database configuration parameters tab.
Audit instance
1) log on to SQLPlus Worksheet as a SYSTEM user and run the following SQL code. The execution result is 8.35.
―――――――――――――――――――――――――――――――――――――
Audit session;
―――――――――――――――――――――――――――――――――――――
For more information, see [CD files]: Chapter 1 \ auditsession. SQL.
2) log on to another SQLPlus Worksheet as SCOTT ].
3) query the content of the AUD $ table. The main audit information is as follows.
―――――――――――――――――――――――――――――――――――――
SESSIONID: 518
ENTRI \ YID: 1
STATEMENT: 1
TIMESTAMP #: 13-March 13-2003 11:28:24 AM
USERID: SCOTT
TERMINAL: MYNETSERVER
ACTION #: 100
RETURNCODE: 0
COMMENT $ TEXT: Authenticated by: DATABASE; Client address:
ADDRESS = (PROTOCOL = tcp) (HOST = 128.0.0.1) (PORT = 1088 ))
SPARE1: MYNETSERVER \ Administrator
PRIV $ USED: 5