以下內容測試版本爲oracle 19c,其他版本可能會略有不同。最好是在創建數據庫之後就進行設置,審計數據越多遷移會越麻煩,還可能影響業務。
| 編號 | 需求項 | 需求細節內容 | 說明 | |
| 準備工作 | 1 | 檢查是否打開審計 | show parameter audit | audit_trail爲NONE則未開啓 |
| 2 | 檢查審計表現在所在表空間 | SELECT table_name, tablespace_name FROM dba_tables WHERE table_name IN ('AUD$', 'FGA_LOG$') ORDER BY table_name; |
TABLE_NAME TABLESPACE_NAME -------------------------------------------------------------------------------- AUD$ SYSTEM FGA_LOG$ SYSTEM |
|
| 3 | 檢查審計相關表數據量 | select segment_name,bytes/1024/1024 size_in_megabytes from dba_segments where segment_name in ('AUD$','FGA_LOG$'); | 如果AUD$很大,遷移期間其他進程會被enq: ZA - add std audit table partition等待事件阻塞,需要先導出該表數據然後truncate | |
| 4 | 創建新審計表空間 | create tablespace TBAUDIT datafile size 1g autoextend on next 100m maxsize 30g; | 注意有沒有啓用OMF show parameter create |
|
| 5 | 檢查當前數據庫的失效對象 | select OWNER,OBJECT_NAME,OBJECT_TYPE,status,TIMESTAMP,LAST_DDL_TIME from dba_objects where STATUS ='INVALID'; | 注意遷移後新增了哪些失效對象 | |
| 遷移審計表 | 6 | 遷移AUD$表 | BEGIN DBMS_AUDIT_MGMT.set_audit_trail_location( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, audit_trail_location_value => 'TBAUDIT'); END; / |
.0625M約8s |
| 7 | 遷移FGA_LOG$表 | BEGIN DBMS_AUDIT_MGMT.set_audit_trail_location( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD, audit_trail_location_value => 'TBAUDIT'); END; / |
.0625M約7s | |
| 8 | 檢查遷移結果 | SELECT table_name, tablespace_name FROM dba_tables WHERE table_name IN ('AUD$','FGA_LOG$') ORDER BY table_name; | TABLE_NAME TABLESPACE_NAME -------------------------------------------------------------------------------- AUD$ TBAUDIT FGA_LOG$ TBAUDIT |
|
| 初始化清理對象和間隔(168h) | 9 | AUD$表 | BEGIN DBMS_AUDIT_MGMT.init_cleanup( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, default_cleanup_interval => 168 ); END; / |
驗證: set lines 800 COLUMN parameter_name FORMAT A30 COLUMN parameter_value FORMAT A20 COLUMN audit_trail FORMAT A20 SELECT * FROM dba_audit_mgmt_config_params WHERE PARAMETER_NAME = 'DEFAULT CLEAN UP INTERVAL'; PARAMETER_NAME PARAMETER_VALUE AUDIT_TRAIL ------------------------------ -------------------- -------------------- DEFAULT CLEAN UP INTERVAL 168 FGA AUDIT TRAIL DEFAULT CLEAN UP INTERVAL 168 STANDARD AUDIT TRAIL |
| 10 | FGA_LOG$表 | BEGIN DBMS_AUDIT_MGMT.init_cleanup( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD, default_cleanup_interval => 168 ); END; / |
||
| 驗證審計日誌清除是否已開啓 | 11 | 驗證審計日誌清除是否已開啓 | SET SERVEROUTPUT ON BEGIN IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD) THEN DBMS_OUTPUT.put_line('YES'); ELSE DBMS_OUTPUT.put_line('NO'); END IF; END; / |
輸出應爲YES |
| 設置審計信息保留時間(90天) | 12 | AUD$表 | BEGIN DBMS_AUDIT_MGMT.set_last_archive_timestamp( audit_trail_type => dbms_audit_mgmt.audit_trail_aud_std, last_archive_time => SYSTIMESTAMP-90); END; / |
|
| 13 | FGA_LOG$表 | BEGIN DBMS_AUDIT_MGMT.set_last_archive_timestamp( audit_trail_type => dbms_audit_mgmt.audit_trail_fga_std, last_archive_time => SYSTIMESTAMP-90); END; / |
||
| 查看審計數據最後歸檔時間 | 14 | 查看審計數據最後歸檔時間 | SELECT * FROM dba_audit_mgmt_last_arch_ts; | 只有歸檔的數據才能刪除 |
| schedule及job設置 | 15 | 創建清理的schedule | BEGIN DBMS_AUDIT_MGMT.create_purge_job( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD, audit_trail_purge_interval => 168 /* hours */, audit_trail_purge_name => 'PURGE_STD_AUDIT_TRAILS', use_last_arch_timestamp => TRUE); END; / |
|
| 16 | 修改清理job運行時間 | BEGIN SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'AUDSYS.PURGE_STD_AUDIT_TRAILS' ,attribute => 'START_DATE' ,value => TO_TIMESTAMP_TZ('2019/11/28 02:05:00.000000 +08:00','yyyy/mm/dd hh24:mi:ss.ff tzr') ); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'AUDSYS.PURGE_STD_AUDIT_TRAILS' ,attribute => 'REPEAT_INTERVAL' ,value => 'FREQ=WEEKLY; BYDAY=SAT' ); END; / |
設置爲每日凌晨2點5分 | |
| 17 | 創建schedule每天設置保留時間爲90天前 | BEGIN SYS.DBMS_SCHEDULER.CREATE_JOB ( job_name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,start_date => TO_TIMESTAMP_TZ('2018/12/19 01:05:00.000000 +08:00','yyyy/mm/dd hh24:mi:ss.ff tzr') ,repeat_interval => 'FREQ=WEEKLY; BYDAY=SAT' ,end_date => NULL ,job_class => 'DEFAULT_JOB_CLASS' ,job_type => 'PLSQL_BLOCK' ,job_action => 'BEGIN DBMS_AUDIT_MGMT.set_last_archive_timestamp( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, last_archive_time => SYSTIMESTAMP-90); DBMS_AUDIT_MGMT.set_last_archive_timestamp( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD, last_archive_time => SYSTIMESTAMP-90); END;' ,comments => NULL ); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'RESTARTABLE' ,value => FALSE); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'LOGGING_LEVEL' ,value => SYS.DBMS_SCHEDULER.LOGGING_OFF); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'MAX_FAILURES'); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'MAX_RUNS'); BEGIN SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'STOP_ON_WINDOW_CLOSE' ,value => FALSE); EXCEPTION -- could fail if program is of type EXECUTABLE... WHEN OTHERS THEN NULL; END; SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'JOB_PRIORITY' ,value => 3); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'SCHEDULE_LIMIT'); SYS.DBMS_SCHEDULER.SET_ATTRIBUTE ( name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD' ,attribute => 'AUTO_DROP' ,value => TRUE); SYS.DBMS_SCHEDULER.ENABLE (name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'); END; / |
||
| 18 | 檢查2個schedule是否設置 | SELECT owner,job_name,run_count,next_run_date FROM DBA_SCHEDULER_JOBS WHERE job_name IN ('PURGE_STD_AUDIT_TRAILS','MOVE_LAST_TIMESTAMP_FORWARD'); | 檢查運行時間是否是每天的凌晨1點5分和2點5分 | |
| 檢查是否有新增的審計相關失效對象 | 19 | 如果跟AUDIT相關的,需重編譯一下 | COLUMN OBJECT_NAME FORMAT A30 COLUMN OBJECT_TYPE FORMAT A20 COLUMN status FORMAT A20 COLUMN TIMESTAMP FORMAT A26 COLUMN LAST_DDL_TIME FORMAT A26 select OWNER,OBJECT_NAME,OBJECT_TYPE,status,TIMESTAMP,LAST_DDL_TIME from dba_objects where STATUS ='INVALID'; |
alter view sys.DBA_FGA_AUDIT_TRAIL compile; alter view sys.DBA_COMMON_AUDIT_TRAIL compile; alter view SYS.FGA_LOG$FOR_EXPORT compile; alter public synonym DBA_COMMON_AUDIT_TRAIL compile; alter public synonym DBA_FGA_AUDIT_TRAIL compile; --for CDB alter view sys.CDB_FGA_AUDIT_TRAIL compile; alter view sys.CDB_COMMON_AUDIT_TRAIL compile; alter PACKAGE DBMS_AUDIT_UTIL compile; alter PUBLIC SYNONYM CDB_FGA_AUDIT_TRAIL compile; alter PUBLIC SYNONYM CDB_COMMON_AUDIT_TRAIL compile; alter PUBLIC SYNONYM DBMS_AUDIT_UTIL compile; |
| 保留備用 | 1 | 反向初始化方法 | exec sys.DBMS_AUDIT_MGMT.deinit_cleanup(audit_trail_type=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD); | |
| 2 | exec sys.DBMS_AUDIT_MGMT.deinit_cleanup(audit_trail_type=> DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD); | |||
| 3 | 刪除清理schedule | exec sys.DBMS_AUDIT_MGMT.drop_purge_job('PURGE_STD_AUDIT_TRAILS'); | ||
| 4 | 刪除重置時間的schedule | exec SYS.DBMS_SCHEDULER.DROP_JOB(job_name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'); |