

A database administrator can audit all actions that take place within a database. Auditing is an activity that captures and stores information about what is happening in the database. This is good practice from a security standpoint, as auditing can detect suspicious activity and enable the DBA to take appropriate action.

Auditing increases your system's workload and can affect system performance, especially if you audit every action in the database. Auditing should therefore be focused, so that only relevant events are captured.

Oracle 10g provides three types of auditing.

Standard database auditing
Standard database auditing captures several pieces of information about an audited event, including when the event occurred, the user who caused the event, and the client machine that was used. It also captures information on object access.

Value-based auditing
Value-based auditing records changes to data, such as inserts, updates, and deletes. It captures not only the occurrence of the audited event, but the actual values that were inserted, updated, or deleted.

Fine-grained auditing
Fine-grained auditing (FGA) is used to audit SQL statements. In addition to capturing the fact that an audited event occurred, it captures the SQL statement that was used to precipitate the event.

In summary, standard database auditing captures information about an audited event and on object access. Value-based auditing captures changes to data, such as inserts, updates, and deletes, and is implemented through database triggers. Fine-grained auditing also captures information about the event, together with the SQL statements used in it.

Working with auditing options and results

You use the non-dynamic AUDIT_TRAIL initialization parameter to enable standard database auditing by specifying a storage location for audit records. There are three possible settings for this parameter.

DB
Setting the parameter to DB stores audit records in the DBA_AUDIT_TRAIL table in the database. This is the normal setting for the parameter, and it is the default.

OS
Setting the parameter to OS stores audit records in the operating-system audit trail.

NONE
Setting the parameter to NONE disables audit record collection in the database.

You need to focus an audit command so that the information it gathers is relevant and useful. For example, the AUDIT TABLE audit command captures any operation that affects any table. This will capture too much unfocused information. You can focus an audit command by using ON and WHENEVER SUCCESSFUL clauses. The WHENEVER SUCCESSFUL clause is used with the AUDIT command to capture information on audit events that have succeeded. You can then focus an audit on, for example, the user who generated an audit event, or on whether the event was successful or unsuccessful.

There are four auditing options in Oracle 10g.

Object privilege auditing
You use object privilege auditing to audit actions on tables, views, procedures, sequences, directories and user-defined data types. You need to specify BY ACCESS to generate a separate audit trail for each action, as the default grouping is by session.

Session auditing
You use the AUDIT SESSION option to audit the creation of user sessions. This option generates a separate record for each session created by connection to an instance. Information gathered in a record includes connection time, disconnection time, and logical and physical I/Os processed.

SQL statement auditing
You use the SQL statement AUDIT TABLE to audit any DDL statement that affects a table, including CREATE TABLE, DROP TABLE, and TRUNCATE TABLE. You can focus the audit by username or by success or failure.

System privilege auditing
You use system privilege auditing to audit the exercise of system privileges, such as DROP ANY TABLE. By default, an audit record is generated every time an audited system privilege is exercised.
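The following SQL is an added example, not part of the original page: it sets AUDIT_TRAIL, contrasts the unfocused AUDIT TABLE command with focused versions of the four auditing options, and then reviews the results. The user hr and the table hr.employees are assumed sample names.

```sql
-- Added example. HR and HR.EMPLOYEES are assumed sample names.

-- AUDIT_TRAIL is non-dynamic: set it in the SPFILE, then restart the instance.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- Unfocused: records every audited table DDL statement by every user.
AUDIT TABLE;

-- Remove the unfocused option before replacing it with focused ones.
NOAUDIT TABLE;

-- SQL statement auditing, focused by username and by failure.
AUDIT TABLE BY hr WHENEVER NOT SUCCESSFUL;

-- System privilege auditing, focused by username.
AUDIT DROP ANY TABLE BY hr;

-- Session auditing, focused on failed connection attempts.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- Object privilege auditing: ON names the object, BY ACCESS writes one
-- record per action instead of the default one record per session.
AUDIT UPDATE, DELETE ON hr.employees BY ACCESS WHENEVER SUCCESSFUL;

-- Check which audit options are currently enabled.
SELECT user_name, audit_option, success, failure FROM dba_stmt_audit_opts;
SELECT user_name, privilege, success, failure FROM dba_priv_audit_opts;

-- Review the last day of audit records (RETURNCODE 0 means success).
SELECT username, userhost, action_name, owner, obj_name, returncode, timestamp
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 1
 ORDER BY timestamp;
```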
