Sunday, April 18, 2010

Enabling DB Audit

SQL> show parameter audit


NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /test/oracle/product/adump
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string
audit_trail                          string      DB





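Set the above parameters in the init file and bounce (restart) the DB.
With audit_trail = DB, records for the statements audited below go to the database audit trail; audit_sys_operations = TRUE additionally writes SYSDBA/SYSOPER activity to OS audit files under audit_file_dest, which is where the sample further down comes from.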


SQL> audit connect;
Audit succeeded.

SQL> audit create user;
Audit succeeded.
SQL> audit drop user;
Audit succeeded.
SQL> audit alter user;
Audit succeeded.

Sample audit file created by enabling audit
===========================================

Audit file /Test/oracle/product/102/admin/TEST/adump/Test_ora_18632_1.aud


Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

ORACLE_HOME = /Test/oracle/product/102

System name: HP-UX

Node name: test02

Release: B.11.31

Version: U

Machine: ia64

Instance name: TEST

Redo thread mounted by this instance: 1

Oracle process number: 56

Unix process pid: 18632, image: oracle@test02



Sun Apr 18 05:53:41 2010

LENGTH : '139'

ACTION :[7] 'CONNECT'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[5] 'pts/6'

STATUS:[1] '0'



Sun Apr 18 05:54:00 2010

LENGTH : '416'

ACTION :[282] 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number', 6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER('%audit%') ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[5] 'pts/6'

STATUS:[1] '0'



$ date

Sun Apr 18 05:54:59 EDT 2010

$ cat Test_ora_14418_1.aud

Audit file /Test/oracle/product/102/admin/TEST/adump/Test_ora_14418_1.aud

Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

ORACLE_HOME = /Test/oracle/product/102

System name: HP-UX

Node name: test02

Release: B.11.31

Version: U

Machine: ia64

Instance name: TEST

Redo thread mounted by this instance: 1

Oracle process number: 125

Unix process pid: 14418, image: oracle@test02



Sun Apr 18 04:17:17 2010

LENGTH : '134'

ACTION :[7] 'CONNECT'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '161'

ACTION :[33] 'select name, dbid from v$database'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '220'

ACTION :[92] 'select nvl(max(cpmid),0) from x$kcccp where cpsta = 2'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '216'

ACTION :[88] 'select distinct my.sid, sex.serial from v$mystat my, x$ksusex sex where sex.sid = my.sid'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '230'

ACTION :[101] 'select instance_name, instance_number, decode(parallel, 'YES', 1, 0) parallel from v$instance'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '182'

ACTION :[55] 'alter session set remote_dependencies_mode = signature'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '195'

ACTION :[67] 'alter session set events 'immediate trace name krb_options level 5''

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:17 2010

LENGTH : '161'

ACTION :[34] 'select distinct sid from v$mystat'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:25 2010

LENGTH : '158'

ACTION :[30] 'SELECT SYSDATE FROM X$DUAL '

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:32 2010

LENGTH : '173'

ACTION :[45] 'SELECT ABS(SYSDATE - :b1 ) FROM X$DUAL '

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:33 2010

LENGTH : '155'

ACTION :[27] 'select count(*) from x$dual'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'



Sun Apr 18 04:17:33 2010

LENGTH : '160'

ACTION :[32] 'select count(*) from sys.x$kcrmx'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[8] 'orTest'

CLIENT TERMINAL:[0] ''

STATUS:[1] '0'
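
A parser for the audit-file layout shown above, as an added example that is not part of the original post. The names `parse_audit` and `needs_review` are chosen here, and the review rule (nonzero STATUS, or an ACTION that is not a plain SELECT) is an assumption for illustration, not an Oracle feature.

```python
import re
from datetime import datetime

# Abridged from the audit file shown above (blank lines and some fields dropped).
SAMPLE = """\
Audit file /Test/oracle/product/102/admin/TEST/adump/Test_ora_14418_1.aud
Sun Apr 18 04:17:17 2010
ACTION :[7] 'CONNECT'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[8] 'orTest'
STATUS:[1] '0'
Sun Apr 18 04:17:17 2010
ACTION :[33] 'select name, dbid from v$database'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[8] 'orTest'
STATUS:[1] '0'
Sun Apr 18 04:17:17 2010
ACTION :[67] 'alter session set events 'immediate trace name krb_options level 5''
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[8] 'orTest'
STATUS:[1] '0'
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}$")
# NAME:[n] 'value'. The greedy (.*) runs to the last quote on the line, so quotes
# inside the SQL text survive. [n] is not used: as printed on this page it does
# not always match the value (for example [8] 'orTest').
FIELD = re.compile(r"^([A-Z ]+?)\s*:\s*(?:\[\d+\]\s*)?'(.*)'\s*$")

def parse_audit(text):
    """Return one dict per audit record; a record starts at a timestamp line."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = FIELD.match(line)
        if m and records:  # the file header precedes the first record
            records[-1][m.group(1)] = m.group(2)
        elif STAMP.match(line):
            records.append({"TIME": datetime.strptime(line, "%a %b %d %H:%M:%S %Y")})
    return records

def needs_review(records):
    """Records that failed (STATUS != '0') or whose ACTION is not a plain SELECT."""
    return [r for r in records
            if r.get("STATUS") != "0"
            or not r.get("ACTION", "").upper().startswith("SELECT")]

if __name__ == "__main__":
    for r in needs_review(parse_audit(SAMPLE)):
        print(r["TIME"], r.get("PRIVILEGE"), r.get("CLIENT USER"), r.get("ACTION"))
```

The parser skips blank lines, so it also reads the double-spaced layout in which the file appears on this page.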



Cheers :)
Viswanath
