Shulou(Shulou.com)05/31 Report--

This article to share with you is about oracle how to clean up the audit log, Xiaobian feel quite practical, so share with you to learn, I hope you can gain something after reading this article, not much to say, follow Xiaobian to see it.

--Enter audit log directory:

cd $ORACLE_BASE/admin/$ORACLE_SID/adump

--Delete audit documents 3 months ago:

find ./ -type f -name "*.aud" -mtime +91|xargs rm -f

--Clear all audit files at once

find ./ -type f -name "*.aud"|xargs rm-f

find ./ -mtime +7 -name "*.aud" -type f -delete

Usually when we query audit switches in a newly installed database, we may find that it is set to DB. (Pre-installed settings, if other means considered set)

SQL>show parameter audit_trail Name TYPE VALUE-------------------------------------------------------------- audit_trail string DB

audit_trail=DB, which means oracle will record each audit trail in a table called AUD$in the database.

SQL>select owner,table_name,tablespace_name from dba_tables a where a.table_name ='AUD$' OWNER TABLE_NAME TABLESPACE_NAME-------------------------------------------------------------- SYS AUD$ SYSTEM

The table space in which this table is located is the most important SYSTEM table space in the formal oracle database.

Because this table space is very special: if it happens to be set to auto-extend (AUT=YES) at this point:

SQL>select a.tablespace_name,a.bytes,a.autoextensible from dba_data_files a where a.tablespace_name='SYSTEM' TABLESPACE_NAME BYTES AUT--------------------------------------------------------SYSTEM 2147473648 YES

Over time, the SYSTEM table space will eventually explode from obesity.

(Conversely, if autoextensible=NO,AUD$table in SYSTEM table space has no place to write, error cannot allocate space will be reported)

SO, some database will be based on the situation, the audit function will be "closed":

1. Set audit parameters Close

SQL>alter system set audit_trail=none scope=spfile;

2. restart the database

SQL>shutdown immediate;SQL>startup;

At this time, the little partner thought that he had nothing to worry about. In fact, oracle had already prepared for it. There was a abnormal function called compulsory audit waiting for you.

long as you dare to

Log in to the database with SYSDBA or SYSOPER privileges

Dare to start

How dare you shut down

Oracle will give you the file named.aud in the $ORACLE_BASE/admin/$ORACLE_SID/adump directory

So,

When DB is enabled, audit logs are recorded in both the AUD$table and the operating system aud file.

Set to NONE, and still nothing else will be recorded in the OS aud file.

* Database table: sys.aud$

* Operating system directory is: $ORACLE_BASE/admin/instance name/adump/

SQL>show parameter audit

Isn't that sick?

Therefore, if this directory is not cleaned up for a long time, there will be a large backlog of *.aud files.

If you don't delete a lot for a long time, it will affect the operating system inodes.

So, my friends:

If DB, remember to clear the aud$table periodically

SQL>truncate table sys.aud$;

If you don't want to use DB, you can set it off.

SQL>alter system set audit_trail=none scope=spfile;

Note that database restart is required

SQL>shutdown immediate;SQL>startup;

If NONE, remember to clear the aud file or configure crontab timer task to clear the aud file regularly.

Note: do not delete adump directory directly, otherwise, you will sqlplus not database.

The above is how oracle performs audit log cleaning. Xiaobian believes that some knowledge points may be seen or used in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.