The ORACLE tutorial is as follows: Oracle 8x monitors the logon status of sysdba users. Before Oracle 8i, internal users were used to start and shut down databases and create databases. Since the 8i version, Oracle has gradually eliminated internal users, users granted the sysdba or sysoper role can start and close the database. To keep the user's habits in 8i, internal users and svrmgrl are retained, however, svrmgrl and internal users are completely unavailable. The newly released oracle 9i has completely eliminated svrmgrl and internal users. Users with sysdba have high permissions and can start and close databases. Therefore, users with these roles must be monitored.
In Oracle database products on unix platforms, every time a user logs on to the database with sysdba permissions, the system automatically creates a database named ora _. aud file, which is in the $ ORACLE_HOME/rdbms/audit directory by default. The system does not need to enable the audit function to automatically create the file. This file records the connected user, terminal machine name, Logon Time, and other information. Based on this information, we can easily monitor who logged on to the database with sysdba permissions. The following is an example:
1. First, connect to the database server with sysdba in the sqlplus client:
SQL> conn sys @ gs1 as sysdba
Enter the password :********
Connected.
2. view the latest ora _. aud file in the $ ORACLE_HOME/rdbms/audit directory on the server:
From the content in the above file, we can see that this file records the logon time, the operations performed, the client user name, and the name of the terminal machine that logs on to the server in detail. Based on this information, we can easily determine who has logged on to the database server with sysdba permissions. Note that the Chinese characters in the ora_589980.aud file are added by the author rather than automatically generated by the system.