Shulou(Shulou.com)05/31 Report--

DM7 audit sentence sequence audit is how, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Audit mechanism is one of the important parts of security management of DM database management system. DM database not only provides data security protection measures, but also provides post-audit supervision of daily events. DM has a flexible audit subsystem that allows you to record system-level events, individual user behavior, and access to database objects. By investigating and tracking audit information, database auditors can view the form of user access and the operations they have tried to do to the system, so as to take positive and effective measures.

Audit switch

In the DM system, the switch is specially set for the audit. In order to use the audit function, the audit switch must be turned on first. The audit switch is controlled by the INI parameter ENABLE_AUDIT of DM and has three values:

0: turn off audit

1: open general audit

2: open general audit and real-time audit

In the normal version, the default value of ENABLE_AUDIT is 0; in the secure version, the default value of ENABLE_AUDIT is 2.

The audit switch must be set by an administrator with DBA privileges.

The system administrator can query the current value of V$PARAMETER by querying the ENABLE_AUDIT dynamic view.

SQL > select * from v$parameter where name='ENABLE_AUDIT'

LINEID ID NAME TYPE VALUE SYS_VALUE FILE_VALUE DESCRIPTION

-

1 385 ENABLE_AUDIT SYS 0 0 0 Flag For Allowing Audit, 0: no audit 1: normal audit 2:normal audit and realtime audit

Used time: 8.170 (ms). Execute id is 24948.

SQL > sp_set_para_value (1 recording ENABLECTROAUDITY 2)

DMSQL executed successfully

Used time: 80.901 (ms). Execute id is 24968.

SQL > select * from v$parameter where name='ENABLE_AUDIT'

LINEID ID NAME TYPE VALUE SYS_VALUE FILE_VALUE DESCRIPTION

-

1 385 ENABLE_AUDIT SYS 2 2 2 Flag For Allowing Audit, 0: no audit 1: normal audit 2:normal audit and realtime audit

Used time: 6.829 (ms). Execute id is 24969.

SQL > select * from v$dm_ini where para_name='ENABLE_AUDIT'

LINEID PARA_NAME PARA_VALUE MIN_VALUE MAX_VALUE MPP_CHK SESS_VALUE FILE_VALUE DESCRIPTION PARA_TYPE

1 ENABLE_AUDIT 2 0 2 N 2 2 Flag For Allowing Audit, 0: no audit 1: normal audit 2:normal audit and realtime audit SYS

Used time: 7.090 (ms). Execute id is 24970.

SQL >

You can also reset the value of ENABLE_AUDIT by using the client tool Console or by calling the system procedure SP_SET_PARA_VALUE, where ENABLE_AUDIT is a dynamic INI parameter.

Setting and cancellation of audit

Database auditors specify that the activities of the audited objects are called audit settings, and only auditors with AUDIT DATABASE privileges can make audit settings. DM provides an audit setup system process to achieve this setting, and the audited object can be a certain type of operation or the entire whereabouts of some users in the database. Only preset operations and users can be automatically audited by the DM system.

DM allows audit settings at three levels

System level: the startup and shutdown of the system. The audit at this level cannot and does not need to be set by the user. As long as the audit switch is turned on, the corresponding audit record will be automatically generated.

Statement level: causes an audit of a particular SQL or statement group that affects a particular type of database object. For example, AUDIT TABLE will audit statements such as CREATE TABLE, ALTER TABLE and DROP TABLE.

Object level: statements that audit acts on special objects. Such as the INSERT statement on the test table

The audit settings are stored in the DM dictionary table SYSAUDIT. One audit setting adds a corresponding record in SYSAUDIT, and if the audit is cancelled, the corresponding record in SYSAUDIT is deleted.

Statement sequence audit

DM also provides statement sequence audit as a supplement to statement-level audit and object-level audit. Statement sequence audit requires the auditor to establish an audit rule in advance, including N SQL statements (SQL1,SQL2... If a session executes these SQL statements in turn, the audit is triggered

The process of establishing statement sequence audit rules includes the following three system processes.

VOID

SP_AUDIT_SQLSEQ_START (

NAME VARCHAR (128)

)

VOID

SP_AUDIT_SQLSEQ_ADD (

NAME VARCHAR (128)

SQL VARCHAR (8188)

)

VOID

SP_AUDIT_SQLSEQ_END (

NAME VARCHAR (128)

)

Parameter description:

NAME statement sequence audit rule name

SQL statements in the sequence of statements that SQL needs to audit

Instructions for use:

To establish the statement sequence audit rules, we need to call SP_AUDIT_SQLSEQ_START first, then call SP_AUDIT_SQLSEQ_ADD several times, each time add a SQL statement, the order of SQL statements in the audit rules is determined according to the order of adding SQL statements, and finally call SP_AUDIT_SQLSEQ_END to complete the establishment of the rules.

For example, establish a statement sequence audit rule audit_sql1.

SQL > sp_audit_sqlseq_start ('audit_sql1')

DMSQL executed successfully

Used time: 0.901 (ms). Execute id is 25115.

SQL > sp_audit_sqlseq_add ('audit_sql1','select c2 from T1 * *)

DMSQL executed successfully

Used time: 0.698 (ms). Execute id is 25117.

SQL > sp_audit_sqlseq_add ('audit_sql1','select C1 from T2 * *)

DMSQL executed successfully

Used time: 0.709 (ms). Execute id is 25118.

SQL > sp_audit_sqlseq_add ('audit_sql1','select * from T3X')

DMSQL executed successfully

Used time: 0.814 (ms). Execute id is 25119.

SQL > sp_audit_sqlseq_end ('audit_sql1')

DMSQL executed successfully

Used time: 32.279 (ms). Execute id is 25120.

Execute a statement in another session

SQL > select * from T1

DMSQL executed successfully

Used time: 0.814 (ms). Execute id is 5119.

SQL > select * from T2

DMSQL executed successfully

Used time: 0.814 (ms). Execute id is 5120.

SQL > select * from T3

DMSQL executed successfully

Used time: 0.814 (ms). Execute id is 5121.

Query audit records

SQL > select * from v$auditrecords

LINEID USERID USERNAME ROLEID ROLENAME IP SCHID SCHNAME OBJID OBJNAME OPERATION SUCC_FLAG SQL_TEXT DESCRIBTION OPTIME MAC

--

1 50331649 SYSDBA 67108864 DBA:: ffff:127.0.0.1-1-1 DROP TABLE Y drop table cs purge; 2020-05-27 19 lax28 SYSDBA 06.000000000000000000000000000000000000000000

2 50331649 SYSDBA 67108864 DBA:: ffff:127.0.0.1-1-1 CREATE TABLE Y create table cs (id int,name varchar (20)); 2020-05-27 19 ffff:127.0.0.1 28 CREATE TABLE Y create table cs 19.000000000000VOO 0000000000000000

3 50331649 SYSDBA 67108864 DBA:: ffff:127.0.0.1-1-1 CREATE USER Y create user cs2 identified by *; 2020-05-27 19 ffff:127.0.0.1 32 CREATE USER Y create user cs2 identified by 18.000000 000000000000000000000000000000000000

4 50331750 JY 67108864 DBA:: ffff:127.0.0.1 150995951 JY 1454 T1 UPDATE Y update T1 set c2 set c2; 20-05-27 19 JY 360000000000000000000000000000

5 50331750 JY 67108864 DBA:: ffff:127.0.0.1 150995951 JY 1454 T1 DELETE Y delete from T1; 20-05-27 19 ffff:127.0.0.1 3715 0000000000000000000000000000000000

6 50331649 SYSDBA 67108864 DBA:: ffff:127.0.0.1 150995945 PERSON 1254 ADDRESS INSERT Y insert into person.address values ('No. 938 Wuling Avenue, Wuling District, Changde', null,' de Wuling District', '415700 PERSON DBA 10)

7 50331649 SYSDBA-1:: ffff:127.0.0.1-1-1 SQL SEQ Y select name from T1; select id from T2; select * from T3; audit_sql1 2020-05-27 20 SQL SEQ Y select name from 14 Perl 44.000000 00000000000000000000000000

7 rows got

Used time: 1.013 (ms). Execute id is 25133.

You can use the following system procedure to delete the specified statement sequence audit rule.

VOID

SP_AUDIT_SQLSEQ_DEL (

NAME VARCHAR (128)

)

Parameter description:

NAME statement sequence audit rule name

For example, delete the statement sequence audit rule AUDIT_SQL1.

SQL > sp_audit_sqlseq_del ('audit_sql1')

DMSQL executed successfully

Used time: 26.854 (ms). Execute id is 25137.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.