1 Definition
Audit_sys_operations audits SYSDBA activities. The default value is false. The related audit information is not recorded in aud $, because it is possible that the database has not been started yet and can only be recorded in files at the operating system level. The default value is false, which does not mean that there is no audit information. operations such as conn/as sysdba are still recorded. The audit information folder specified by the audit_file_dest parameter.
After you set audit_sys_operations to true, each statement published by the user who connects to the database as sysdba or sysoper will be written to the audit of the operating system, this gives a complete record of the operations performed by the DBA.
2. Experiment
Set audit_sys_operations to true. Restart the database.
2.1 Select Operation
SQL> select * from scott. emp;
[Oracle @ cent4 adump] $ ll-t
Total usage 572
-Rw-r ----- 1 oracle oinstall 1935 October 26 21:39 ora_3600.aud
-Rw-r ----- 1 oracle oinstall 51892 October 26 21:38 ora_3821.aud
......
[Oracle @ cent4 adump] $ cat ora_3600.aud
......
Weds Oct 26 21:39:04 2011
ACTION: 'select * from scott. emp'
Database user :'/'
PRIVILEGE: SYSDBA
Client user: oracle
Client terminal: pts/1
STATUS: 0
2.2 show parameter operation
SQL> show parameter audit
NAME TYPE VALUE
-------------------------------------------------------------------------
Audit_file_dest string/u01/app/oracle/admin/ltest/adump
Audit_sys_operations Boolean TRUE
Audit_syslog_level string
Audit_trail string DB, EXTENDED
......
Weds Oct 26 21:41:26 2011
ACTION: 'select NAME NAME_COL_PLUS_SHOW_PARAM, DECODE (TYPE, 1, 'boolean', 2, 'string', 3, 'integer', 4, 'file', 5, 'number', 6, 'Big integer ', 'unknown') TYPE, DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM from v $ parameter where upper (NAME) like upper ('% audit % ') order by NAME_COL_PLUS_SHOW_PARAM, ROWNUM'
Database user :'/'
PRIVILEGE: SYSDBA
Client user: oracle
Client terminal: pts/1
STATUS: 0
We can see from the trace that the show parameter audit statement shows its original statement, as shown below:
Select name name_col_plus_show_param,
Decode (type,
1,
'Boolean ',
2,
'String ',
3,
'Integer ',
4,
'File ',
5,
'Number ',
6,
'Big integer ',
'Unknown ') type,
Display_value value_col_plus_show_param
From v $ parameter
Where upper (name) like upper ('% audit % ')
Order by name_col_plus_show_param, rownum ;,
From Xiaowei's column