My Journey as an Oracle DBA: AUDIT SYS/SYSDBA/SYSOPER

Thursday 30 May 2013

AUDIT SYS/SYSDBA/SYSOPER

The new parameter AUDIT_SYS_OPERATIONS allows the audit of all statements issued by SYS/SYSDBA/SYSOPER in an OS audit trail file.

Startup database with AUDIT_SYS_OPERATIONS set to TRUE.

SQL> show parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /data/oracle/db/tech_st/11.2.0/rdbms/audit
audit_sys_operations boolean TRUE

Now,do some activity as sysdba
SQL> conn sys/sys as sysdba
Connected.

SQL> create table abc (name varchar2(10));
Table created.

SQL> drop table abc;
Table dropped.

Go to /data/oracle/db/tech_st/11.2.0/rdbms/audit

cat ORCL_ora_17493_1.aud
Tue Apr 29 05:41:51 2014 -04:00
LENGTH : '190'
ACTION :[36] 'create table abc (name varchar2(10))'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[8] 'oraclone'
CLIENT TERMINAL:[5] 'pts/6'
STATUS:[1] '0'
DBID:[9] '761851345'

Tue Apr 29 05:42:00 2014 -04:00
LENGTH : '168'
ACTION :[14] 'drop table abc'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[8] 'oraclone'
CLIENT TERMINAL:[5] 'pts/6'
STATUS:[1] '0'
DBID:[9] '761851345'

My Journey as an Oracle DBA

Thursday 30 May 2013

AUDIT SYS/SYSDBA/SYSOPER

No comments:

Post a Comment