首先确保Oracle初始化参数audit_trail值为DB或OS,通过“show parameter audit_trail;”查看。
1 语句审计
audit table by test by access;
select * from dba_stmt_audit_opts; --查看是否创建语句审计成功
select * from employee_log;
delete from employee_log where l_date ='2018-09-27 16:15:43';
select * from dba_audit_trail; --查看审计记录
2 对象审计
audit delete on test.employee_log by access;
select * from dba_obj_audit_opts; --查看是否创建对象审计成功
select * from employee_log;
delete from employee_log where l_date ='2018-09-27 16:15:43';
select * from dba_audit_trail; --查看审计记录
3 权限审计
audit select any table;--创建权限审计
--确保当前用户有select any table系统权限
select * from dba_priv_audit_opts;--查看是否创建权限审计成功
select * from employee_log;
select * from dba_audit_trail; ---查看审计记录
4 精细审计
begin
dbms_fga.add_policy(
object_schema=>'test',
object_name=>'employee_log',
policy_name=>'fga_test',
audit_column=>'l_date',
enable=>true,
statement_types=>'select'
);
end; ---创建精细审计
select * from dba_audit_policies; --查看是否创建精细审计成功
select * from employee_log where l_date ='2018-09-27 16:15:43';
select * from dba_fga_audit_trail;--查看精细审计记录
select * from employee_log;
select * from dba_fga_audit_trail;