By using standard auditing, operations performed against database objects by sys or users with sysdba and sysoper privileges are not audited. Only details about logon including the terminal and the date are audited by mandatory auditing. This recipe will show you how to enable the audit for sys users.
- In a separate terminal open
/var/log/oracle_audit.logwith thetail –fcommand. From a second terminal connect assysdbaand issue a count against thehr.employeestable:SQL> conn / as sysdba Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107
- If you now look at
/var/opt/oracle_audit.logyou will see that nothing was recorded. - Connect as
sysdbaand modifyaudit_sys_operationtotrueas follows:SQL> alter system set audit_sys_operations=true scope=spfile; - Bounce the database.
- Connect as
sysdbaand reissue the count againsthr.employees:SQL> conn / as sysdba Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107
- Now if you look in
/var/log/oracle_audit.logyou should see that the previous operation was audited this time:Sep 16 23:34:41 nodeorcl1 Oracle Audit[3492]: LENGTH : '186' ACTION :[33] 'select count(*) from hr.employees' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[10] '2310990645'
The audit trails for users with sysdba and sysoper roles once enabled are always generated externally using operating system files in a location specified by audit_file_dest or the default locations (ORACLE_BASE/admin/DB_UNIQUE_NAME/adump or $ORACLE_HOME/rdbms/audit) regardless of the audit_trail parameter setting.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.