
Auditing:

The audit feature in Oracle 10gR2 Standard Edition provides auditing at three levels:

1. Statement Auditing
Information captured:

- The user performing the operation
- The type of operation
- The object involved in the operation
- The date and time of the operation

2. Privilege Auditing
Information captured:

- Specify a system privilege to audit SQL statements that are authorized by the specified system privilege.
- Rather than specifying many individual system privileges, you can specify the roles CONNECT, RESOURCE, and DBA.
- Oracle Database also provides two shortcuts for specifying groups of system privileges and statement options at once: ALL and ALL PRIVILEGES to audit system privileges.

3. Schema Object Auditing
Information captured:

- This audits operations on schema objects. For example, if you choose to audit a table with the ALTER option, then Oracle Database audits all ALTER TABLE statements issued against the table. If you choose to audit a sequence with the SELECT option, then the database audits all statements that use any values of the sequence.

1. Enable Auditing

SQL> ALTER SYSTEM SET AUDIT_TRAIL=DB SCOPE=SPFILE;
-- static parameter; the instance must be restarted for it to take effect

2. After the database is restarted, run the statement below to enable session audits:

SQL> AUDIT SESSION;

3. Query to get information

SQL> COL OSUSER FOR A20
COL DBUSER FOR A20
COL TERMINAL FOR A15
SET LINESIZE 150
SET PAGESIZE 1000
SELECT os_username "OSUSER",
       username "DBUSER",
       terminal,
       returncode,
       TO_CHAR(timestamp, 'DD-MON-YYYY HH24:MI:SS') LOGON_TIME,
       TO_CHAR(logoff_time, 'DD-MON-YYYY HH24:MI:SS') LOGOFF_TIME
FROM dba_audit_session;

Another important view is DBA_AUDIT_TRAIL.
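The three audit levels listed at the top, written as AUDIT statements with queries that confirm what is enabled and read the resulting records from DBA_AUDIT_TRAIL. This is an added example, not part of the original document; the schema HR, the table HR.EMPLOYEES and the sequence HR.EMPLOYEES_SEQ are assumed names.

```sql
-- Added example; HR, HR.EMPLOYEES and HR.EMPLOYEES_SEQ are assumed names.
-- Needs AUDIT_TRAIL=DB, plus the AUDIT SYSTEM privilege (levels 1 and 2)
-- and AUDIT ANY (level 3 on another user's objects).

-- 1. Statement auditing: the TABLE option covers CREATE, DROP and
--    TRUNCATE TABLE by any user; BY ACCESS writes one record per statement.
AUDIT TABLE BY ACCESS;

-- 2. Privilege auditing: statements authorized by these system privileges.
AUDIT SELECT ANY TABLE, DELETE ANY TABLE BY ACCESS;

-- 3. Schema object auditing: the ALTER and SELECT cases described above.
AUDIT ALTER ON hr.employees BY ACCESS;
AUDIT SELECT ON hr.employees_seq BY ACCESS;

-- Levels 1 and 2 apply to sessions that connect after the AUDIT statement;
-- level 3 applies to existing sessions immediately.

-- Confirm what is switched on at each level.
SELECT user_name, audit_option, success, failure FROM dba_stmt_audit_opts;
SELECT user_name, privilege, success, failure FROM dba_priv_audit_opts;
SELECT owner, object_name, object_type, alt, sel
  FROM dba_obj_audit_opts
 WHERE owner = 'HR'
   AND object_name IN ('EMPLOYEES', 'EMPLOYEES_SEQ');

-- Read the last day's records; RETURNCODE 0 means the action succeeded,
-- any other value is the ORA- error number it failed with.
SELECT os_username, username, owner, obj_name, action_name, priv_used, returncode,
       TO_CHAR(timestamp, 'DD-MON-YYYY HH24:MI:SS') AS event_time
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 1
 ORDER BY timestamp;

-- Switch an option off again with the matching NOAUDIT statement.
NOAUDIT SELECT ON hr.employees_seq;
```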

4. Maintenance

The AUD$ table holds all audit information when the DB audit parameter is used. It needs to be cleaned up regularly, otherwise it may grow very large. In 10g Oracle provides no maintenance plan, so we can implement a batch job that runs a DELETE statement for records with a creation date older than 3 months (the retention period suggested by the client).

The steps below implement cleanup of the AUD$ table in databases from 11g onwards:

1. Initialize clean-up of audit data using DBMS_AUDIT_MGMT package

BEGIN
DBMS_AUDIT_MGMT.INIT_CLEANUP(
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
DEFAULT_CLEANUP_INTERVAL => 24 /* in hours */);
END;
/

After initializing, you may check the configuration using this query:

SELECT * FROM DBA_AUDIT_MGMT_CONFIG_PARAMS;

PARAMETER_NAME                 PARAMETER_VALUE      AUDIT_TRAIL
------------------------------ -------------------- --------------------
...
DEFAULT CLEAN UP INTERVAL      24                   STANDARD AUDIT TRAIL
DEFAULT CLEAN UP INTERVAL      24                   FGA AUDIT TRAIL
DEFAULT CLEAN UP INTERVAL      24                   OS AUDIT TRAIL
DEFAULT CLEAN UP INTERVAL      24                   XML AUDIT TRAIL

2. Create a stored procedure to set the timestamp for cleanup and run the purge

CREATE OR REPLACE PROCEDURE SP_PURGE_AUDIT_TRAILS
AS
BEGIN
  -- Mark everything older than the cutoff as archived and eligible for purge
  SYS.DBMS_AUDIT_MGMT.set_last_archive_timestamp (
    audit_trail_type  => SYS.DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    last_archive_time => systimestamp - 1 /* number of days */
  );

  -- Purge only the records older than the timestamp set above
  SYS.DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL (
    audit_trail_type        => SYS.DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    use_last_arch_timestamp => TRUE);
END;
/

3. Schedule the purge job using DBMS_SCHEDULER

BEGIN
SYS.DBMS_SCHEDULER.CREATE_JOB (
job_name => 'PURGE_ALL_AUDIT_TRAILS',
job_type => 'PLSQL_BLOCK',
job_class => 'DEFAULT_JOB_CLASS',
job_action => 'BEGIN SP_PURGE_AUDIT_TRAILS(); END;',
start_date => systimestamp,
end_date => null,
repeat_interval=> 'FREQ=HOURLY;INTERVAL=1',
comments => 'This job cleans out audit trails, using DBMS_AUDIT_MGMT'
);

SYS.DBMS_SCHEDULER.ENABLE(name => 'PURGE_ALL_AUDIT_TRAILS');

END;
/

4. Verify clean-up

SELECT * from DBA_AUDIT_MGMT_CLEAN_EVENTS;


Before 11g

BATCH SCRIPT (on Windows)

set ORACLE_HOME=E:\Oracle\product\10.2.0\db_1
rem Windows separates PATH entries with a semicolon
set PATH=%ORACLE_HOME%\bin;%PATH%
set LD_LIBRARY_PATH=%ORACLE_HOME%\lib
set ORACLE_SID=VIFSL
rem The SYS password sits in clear text in this file; restrict who can read it
sqlplus sys/oracle as sysdba @C:\ncs\auditcleanup\delete_stmt.sql

SQL SCRIPT

SET PAGES 10000 LINES 150
SPOOL C:\ncs\auditcleanup\delete_log.txt;
-- Remove audit records older than 90 days
DELETE FROM SYS.AUD$ WHERE NTIMESTAMP# < SYSDATE - 90;
COMMIT;
SPOOL OFF;
EXIT;

Schedule this batch script in task manager to run on a regular basis. If the OS is Linux, schedule it in crontab.
