在oracle11g中,数据库的审计功能是默认开启的(这和oracle10g的不一样,10g默认是关闭的),\x0d\x0aoracle11gR2的官方文档上写的是错的,当上说default是none,而且是审计到DB级别的,这样就会\x0d\x0a往aud$表里记录统计信息。\x0d\x0a \x0d\x0a1.如果审计不是必须的,可以关掉审计功能;\x0d\x0a\x0d\x0aSQL show parameter audit_trail;\x0d\x0a\x0d\x0aNAME TYPE VALUE\x0d\x0a------------------------------------ ----------- ------------------------------\x0d\x0aaudit_trail string DB\x0d\x0a\x0d\x0aSQL alter system set audit_trail=none scope=spfile;\x0d\x0aSQL shut immediate;\x0d\x0aSQLstartup\x0d\x0a2.删除已有的审计信息\x0d\x0a可以直接truncate表aud$,\x0d\x0atruncate table SYS.AUD$;\x0d\x0a\x0d\x0a3.或者将aud$表移到另外一个表空间下,以减少system表空间的压力和被撑爆的风险。\x0d\x0a \x0d\x0a附:11g中有关audit_trail参数的设置说明:\x0d\x0aAUDIT_TRAIL\x0d\x0aProperty Description\x0d\x0aParameter type String\x0d\x0aSyntaxAUDIT_TRAIL = { none | os | db [, extended] | xml [, extended] }\x0d\x0aDefault valuenone\x0d\x0aModifiable No\x0d\x0aBasic No\x0d\x0aAUDIT_TRAIL enables or disables database auditing.\x0d\x0aValues:\x0d\x0anone\x0d\x0aDisables standard auditing. This value is the default if the AUDIT_TRAIL parameter was not set \x0d\x0ain the initialization parameter file or if you created the database using a method other than \x0d\x0aDatabase Configuration Assistant. If you created the database using Database Configuration \x0d\x0aAssistant, then the default is db.\x0d\x0aos\x0d\x0aDirects all audit records to an operating system file. Oracle recommends that you use the os \x0d\x0asetting, particularly if you are using an ultra-secure database configuration.\x0d\x0adb\x0d\x0aDirects audit records to the database audit trail (the SYS.AUD$ table), except for records \x0d\x0athat are always written to the operating system audit trail. Use this setting for a general \x0d\x0adatabase for manageability.\x0d\x0aIf the database was started in read-only mode with AUDIT_TRAIL set to db, then Oracle Database \x0d\x0ainternally sets AUDIT_TRAIL to os. Check the alert log for details.\x0d\x0adb, extended\x0d\x0aPerforms all actions of AUDIT_TRAIL=db, and also populates the SQL bind and SQL text CLOB-type \x0d\x0acolumns of the SYS.AUD$ table, when available. These two columns are populated only when this \x0d\x0aparameter is specified.\x0d\x0aIf the database was started in read-only mode with AUDIT_TRAIL set to db, extended, then Oracle \x0d\x0aDatabase internally sets AUDIT_TRAIL to os. Check the alert log for details.\x0d\x0axml\x0d\x0aWrites to the operating system audit record file in XML format. Records all elements of the \x0d\x0aAuditRecord node except Sql_Text and Sql_Bind to the operating system XML audit file.\x0d\x0axml, extended\x0d\x0aPerforms all actions of AUDIT_TRAIL=xml, and populates the SQL bind and SQL text CLOB-type columns\x0d\x0a of the SYS.AUD$ table, wherever possible. These columns are populated only when this parameter \x0d\x0ais specified.\x0d\x0aYou can use the SQL AUDIT statement to set auditing options regardless of the setting of this \x0d\x0aparameter.
创新互联建站于2013年开始,是专业互联网技术服务公司,拥有项目成都网站设计、成都网站制作网站策划,项目实施与项目整合能力。我们以让每一个梦想脱颖而出为使命,1280元措勤做网站,已为上家服务,为措勤各地企业和个人服务,联系电话:13518219792
二、审计可以分为3类。
或者说,可以从3种角度去启用审计。
1、语句审计(Statement Auditing)。
对预先指定的某些SQL语句进行审计。这里从SQL语句的角度出发,进行指定。审计只关心执行的语句。
例如,audit CREATE TABLE;命令,就表明对"create table"语句的执行进行记录。 不管这语句是否是针对某个对象的操作
2、权限审计(Privilege Auditing)
对涉及某些权限的操作进行审计。这里强调“涉及权限”
例如,audit CREATE TABLE;命令,又可以表明对涉及“CREATE TABLE”权限的操作进行审计。
所以说,在这种命令的情况下,既产生一个语句审计,又产生了一个权限审计。
有时候“语句审计”和“敞氦搬教植寄邦犀鲍篓权限审计”的相互重复的。这一点可以后面证明。
3、对象审计(Object Auditing)。 记录作用在指定对象上的操作。
aix平台上,从 rac 环境 tar 过来的oracle软件,直接解包到新机器上,目标环境是单机,则需要关闭 rac 选项。
1. Login as the Oracle software owner and shutdown all database instances on all nodes in the cluster.