Paramètres d'initialisation concernant l'audit :
SQL> col name for a25
SQL> col value for a45
SQL> select name, value from v$parameter where name like '%audit%';
NAME VALUE
------------------------- -------------------------------------
SQL> col value for a45
SQL> select name, value from v$parameter where name like '%audit%';
NAME VALUE
------------------------- -------------------------------------
audit_sys_operations FALSE
audit_file_dest /opt/oracle/product/10gr2/rdbms/audit
audit_syslog_level
audit_trail DB
audit_file_dest /opt/oracle/product/10gr2/rdbms/audit
audit_syslog_level
audit_trail DB
audit_sys_operations : permet l'audit de toutes les opérartions réalisées par SYS (y compris AS SYSDBA ou SYSOPER). Les traces ainsi générées sont générées sur l'OS (et non en base puisque la base peut être fermée lorsque SYS est connecté). Par conséquent on doit avoir obligatoirement audit_trail OS.
audit_file_dest : chemin de destination des traces d'audit lorsque celles-ci sont de type "OS"
audit_syslog_level : paramètre indiquant le niveau de trace que l'on souhaite pour l'audit des actions SYS
ex : AUDIT_SYSLOG_LEVEL=local1.warning
audit_trail : décrit le type de trace d'audit :
DB : dans la table sys.aud$
OS : dans des fichiers de trace sur le serveur
DB + EXTENDED : en base avec possibilité de tracer les queries associées
XML : dans des fichiers de trace XML sur le serveur
DBMS_FGA.DB + DBMS_FGA.EXTENDED : idem DB + EXTENDED mais pour le FGA.
Par défaut, l'audit du privilège CREATE SESSION est activé :
SQL> select user_name, privilege from dba_priv_audit_opts;
USER_NAME PRIVILEGE
------------------------------ ---------------------------
CREATE SESSION
USER_NAME PRIVILEGE
------------------------------ ---------------------------
CREATE SESSION
Déclanchement de l'audit d'un objet :
SQL> audit select, insert, delete on lc.titi by access;
Audit succeeded.
Audit succeeded.
SQL> col owner for a5
SQL> col object_name for a11
SQL> col object_type for a11
SQL> select * from dba_obj_audit_opts where object_name='TITI';
OWNER OBJECT_NAME OBJECT_TYPE ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE CRE REA WRI FBK
----- ----------- ----------- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
LC TITI TABLE -/- -/- -/- A/A -/- -/- A/A -/- -/- A/A -/- -/- -/- -/- -/- -/- -/-
SQL> col object_name for a11
SQL> col object_type for a11
SQL> select * from dba_obj_audit_opts where object_name='TITI';
OWNER OBJECT_NAME OBJECT_TYPE ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE CRE REA WRI FBK
----- ----------- ----------- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
LC TITI TABLE -/- -/- -/- A/A -/- -/- A/A -/- -/- A/A -/- -/- -/- -/- -/- -/- -/-
Trace d'audit :
SQL> delete from titi;
0 rows deleted.
SQL> select count(*) from titi;
COUNT(*)
----------
0
0 rows deleted.
SQL> select count(*) from titi;
COUNT(*)
----------
0
SQL> col username for a11
SQL> col os_username for a11
SQL> col terminal for a15
SQL> col action_name for a11
SQL> alter session set NLS_DATE_FORMAT='DD/MM/YYYY HH24:MI:SS';
Session altered.
SQL> select username, os_username, terminal, action_name, timestamp from (select * from dba_audit_session where username='LC' order by timestamp desc nulls last) where rownum < 2;
USERNAME OS_USERNAME TERMINAL ACTION_NAME TIMESTAMP
----------- ----------- --------------- ----------- -------------------
LC Clala PFIXE080686 LOGON 13/02/2012 16:58:18
SQL> col os_username for a11
SQL> col terminal for a15
SQL> col action_name for a11
SQL> alter session set NLS_DATE_FORMAT='DD/MM/YYYY HH24:MI:SS';
Session altered.
SQL> select username, os_username, terminal, action_name, timestamp from (select * from dba_audit_session where username='LC' order by timestamp desc nulls last) where rownum < 2;
USERNAME OS_USERNAME TERMINAL ACTION_NAME TIMESTAMP
----------- ----------- --------------- ----------- -------------------
LC Clala PFIXE080686 LOGON 13/02/2012 16:58:18
SQL> select os_username, username, terminal, timestamp, action_name from dba_audit_object where owner='LC' and obj_name='TITI';
OS_USERNAM USERNAME TERMINAL TIMESTAMP ACTION_NAM
---------- ---------- --------------- ------------------- ----------
Clala LC PFIXE080686 13/02/2012 16:58:23 DELETE
Clala LC PFIXE080686 13/02/2012 16:58:47 SELECT
OS_USERNAM USERNAME TERMINAL TIMESTAMP ACTION_NAM
---------- ---------- --------------- ------------------- ----------
Clala LC PFIXE080686 13/02/2012 16:58:23 DELETE
Clala LC PFIXE080686 13/02/2012 16:58:47 SELECT
Suppression de l'action d'audit :
SQL> noaudit all on lc.titi;
Noaudit succeeded.
SQL> select * from dba_obj_audit_opts where object_name='TITI';
no rows selected
Noaudit succeeded.
SQL> select * from dba_obj_audit_opts where object_name='TITI';
no rows selected