This practice uses common UNIX and NT Oracle utilities to practice enabling AUDIT on a database. You will:
- See the procedure to enable and disable Oracle AUDIT on a database.
- Understand the SQL commands used to audit a specific user schema object.
- Investigate how to configure Audit to extend auditing into modified or new schema objects..
- This practice will reference SQL commands that function equally on UNIX operating systems, and the NT operating system, using SQL*Plus.
- Results may vary slightly according to your Oracle environment.
- Utilize the RealPlayer Demonstration in conjunction with this Practice, to further illustrate and guide this activity.
- Login to your sqlplus session using the SYSTEM user object and the current password.
UNIX: Open a shell, login, locate and edit the initSID.ora file for your database:
NT: Use Window’ File Manager to locate the initSID.ora file for your database.
|#audit_trail = true # save, original line
audit_trail = true #activated for demonstration, rjm
Locate the line above, make a full copy of the line in the next newline, then uncomment (remove the # symbol) from the line. Edit comments to reflect your reasons for the change. Save the modified file, then shutdown/startup the instance. Audit is now active on your database instance.
UNIX: Open a shell, login, create a SQLPlus session with the SYSTEM connection.
NT: Create an SQLPlus session with SYSTEM connection.
SQL> audit select any table by scott;
SQL> noaudit select any table by scott;
SQL> audit all by scott;
SQL> noaudit all by scott;
Now, all SELECT activity by the user Scott will be recorded in the audit trail, for our review later.
The NOAUDIT command following disables this selective monitoring once we have accumulated sufficient data to analyze. The next commands will begin monitoring on ALL database activity for the user Scott, and then disables that same type of monitoring.
UNIX: Open a shell, login, create a SQLPlus session with SYSTEM connection:
NT: Create a SQLPlus session with SYSTEM connection:
SQL> audit insert on default;
SQL> audit delete on default;
SQL> audit update on default;
SQL> noaudit insert on default;
SQL> noaudit delete on default;
SQL> noaudit update on default;
These commands will extend INSERT, DELETE, UPDATE auditing to include future new or modified schema objects.
The second set of NOAUDIT commands disable those same audit actions.