[英]Oracle XE audit_trail not saving for all users
I enabled auditing on my Oracle XE server via the following run by the sys
user: 我通过
sys
用户运行的以下命令在Oracle XE服务器上启用了审计:
SQL> ALTER SYSTEM SET audit_sys_operations=true SCOPE=spfile;
SQL> ALTER SYSTEM SET audit_trail=XML,EXTENDED SCOPE=spfile;
SQL> SHUTDOWN IMMEDIATE
SQL> STARTUP
When I run queries as the sys
user, an xml file records the queries in the default location (eg, /u01/app/oracle/admin/XE/adump/xe_ora_2339_1.xml
). 当我以
sys
用户身份运行查询时,一个xml文件将查询记录在默认位置(例如/u01/app/oracle/admin/XE/adump/xe_ora_2339_1.xml
)。 However, if I run a query as a different user (eg, test_user
), no updates occur in any of the files in the adump directory. 但是,如果我以其他用户身份(例如
test_user
)运行查询,则adump目录中的任何文件都不会发生更新。
I've confirmed that the parameter is set for the test_user
: 我已经确认为
test_user
设置了参数:
SQL> show parameter audit;
NAME TYPE VALUE
------------------------ ------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/XE/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string XML, EXTENDED
I also tried restarting my sqlplus
session (ie, reconnecting with the test_user
), as well as disabling audit_sys_operations
, and the issue remains. 我还尝试重新启动
sqlplus
会话(即,重新连接到test_user
),以及禁用audit_sys_operations
,问题仍然存在。
Version info: Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production (via this docker image ). 版本信息:Oracle Database 11g Express Edition 11.2.0.2.0版-64位生产(通过此 docker image )。
My issue was that, in addition to enabling auditing, I also needed to specify what to audit with the AUDIT
command. 我的问题是,除了启用审核之外,我还需要指定要使用
AUDIT
命令审核的内容。 In my case, I wanted everything, so I added the following (commands mentioned in this tutorial ): 就我而言,我需要一切,因此添加了以下内容( 本教程中提到的命令):
SQL> AUDIT ALL; # note: it seems like the next two statements would be included with "all", but I didn't verify this.
SQL> AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE;
SQL> AUDIT EXECUTE PROCEDURE;
Note that with AUDIT_TRAIL=XML,EXTENDED (and maybe all the file-based auditing settings?), it looks there is some buffering of writing the XML file, as I didn't get a query showing up until my test user disconnected, so if you are missing a log entry, try logging the user out to see if it shows up. 请注意,使用AUDIT_TRAIL = XML,EXTENDED(也许还有所有基于文件的审核设置?),它看起来在写XML文件方面有一定的缓冲,因为直到测试用户断开连接后才显示查询。如果您缺少日志条目,请尝试注销用户以查看其是否出现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.