Search This Blog

Saturday, September 17, 2011

Enable auditing for SYSDBA (sys) user in 9ir2

SYS audit feature introduce in oracle 9ir2 

How to enable SYS audit?
1. set the following three parameters
1.1 
audit_file_dest == (location of audit files (OS) based)
audit_sys_operations === true ( enable sys audit)
audit_trail = OS 

SQL> select * from v$version where rownum=1;

BANNER
----------------------------------------------------------------
Oracle9i Release 9.2.0.4.0 - Production

SQL> show parameter audit-
>

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      ?/rdbms/audit
audit_sys_operations                 boolean     FALSE
audit_trail                          string      NONE
transaction_auditing                 boolean     TRUE
SQL> host echo $ORACLE_HOME
/disk1/app/oracle/product/9.2.0


SQL>  alter system set audit_file_dest='/disk1/app/oracle/product/9.2.0/audit' s                                                                             cope=spfile;

System altered.


SQL> alter system set audit_sys_operations=true scope=spfile;

System altered.

SQL> alter system set audit_trail='OS' scope=spfile;

System altered.

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.


SQL> startup
ORACLE instance started.

Total System Global Area  202445884 bytes
Fixed Size                   451644 bytes
Variable Size             184549376 bytes
Database Buffers           16777216 bytes
Redo Buffers                 667648 bytes
Database mounted.
Database opened.

SQL> host ls -lrt $ORACLE_HOME/audit
total 8
-rw-r-----  1 oracle dba 1103 Sep 17 19:44 ora_25676.aud
-rw-r-----  1 oracle dba  734 Sep 17 19:44 ora_25677.aud

SQL>  host cat $ORACLE_HOME/audit/ora_25676.aud
Audit file /disk1/app/oracle/product/9.2.0/audit/ora_25676.aud
Oracle9i Release 9.2.0.4.0 - Production
JServer Release 9.2.0.4.0 - Production
ORACLE_HOME = /disk1/app/oracle/product/9.2.0
System name:    Linux
Node name:      SPI-ISIS
Release:        2.6.9-78.ELsmp
Version:        #1 SMP Wed Jul 9 15:39:47 EDT 2008
Machine:        i686
Instance name: STERLIVE
Redo thread mounted by this instance: 0
Oracle process number: 14
Unix process pid: 25676, image: oracle@SPI-ISIS (TNS V1-V3)

Sat Sep 17 19:44:16 2011
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL:
STATUS: 0

Sat Sep 17 19:44:16 2011
ACTION : 'SELECT DECODE(null,'','Total System Global Area','') NAME_COL_PLUS_SHO                                                                             W_SGA,    SUM(VALUE), DECODE (null,'', 'bytes','')  FROM V$SGA    UNION ALL    S                                                                             ELECT NAME NAME_COL_PLUS_SHOW_SGA , VALUE,    DECODE (null,'', 'bytes','') FROM                                                                              V$SGA'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL:
STATUS: 0

Sat Sep 17 19:44:20 2011
ACTION : 'ALTER DATABASE   MOUNT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL:
STATUS: 0


Posted by Mohammed Taj at Saturday, September 17, 2011
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)