{監査}標準監査

 

https://docs.oracle.com/cd/F19136_01/dbseg/introduction-to-auditing.html
https://docs.oracle.com/cd/F19136_01/sqlrf/AUDIT-Traditional-Auditing.html

 


     SYSユーザの監査を有効化
show parameter audit

ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE;
shutdown immediate;
startup

show parameter audit


     標準監査を有効化
show parameter audit
alter system set audit_trail=XML,EXTENDED scope=spfile;
shutdown immediate
startup

!ls -ltr /u01/app/oracle/admin/orcl/adump


conn test/test

-- SQL文の監査
AUDIT SELECT TABLE BY ACCESS;
AUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE
      BY ACCESS
      WHENEVER NOT SUCCESSFUL;

AUDIT ALL STATEMENTS BY sh,hr BY ACCESS WHENEVER SUCCESSFUL;

AUDIT ALL BY sh BY ACCESS;
AUDIT ALL STATEMENTS IN SESSION CURRENT BY ACCESS WHENEVER NOT SUCCESSFUL;
AUDIT ALL STATEMENTS IN SESSION CURRENT;
AUDIT SESSION BY ACCESS;
AUDIT NOT EXISTS;

-- 権限の監査
AUDIT DELETE ANY TABLE BY ACCESS;


-- スキーマオブジェクトの監査
AUDIT SELECT ON HR.EMPLOYEES BY ACCESS
AUDIT DELETE ON sh.sales BY ACCESS;

AUDIT SELECT, INSERT, DELETE
     ON sh.sales
     BY ACCESS
     WHENEVER SUCCESSFUL;


-- ディレクトリオブジェクトの監査
AUDIT EXECUTE ON DIRECTORY ORA_DIR BY ACCESS;

-- プロシージャの監査
AUDIT EXECUTE PROCEDURE BY ACCESS;
AUDIT EXECUTE PROCEDURE BY hr BY ACCESS;

-- ネットワークの監査

AUDIT NETWORK BY ACCESS;


select * from DBA_OBJ_AUDIT_OPTS;
select * from DBA_PRIV_AUDIT_OPTS;
select * from DBA_STMT_AUDIT_OPTS;