Unified Auditing统一审计的存储(12.2)
Posted SQLplusDB
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Unified Auditing统一审计的存储(12.2)相关的知识,希望对你有一定的参考价值。
统一审计的存储对象(12.2)
从12.2.0.1版本开始统一审计UNIFIED_AUDIT_TRAIL视图的内部存储对象变成了AUDSYS.AUD$UNIFIED表,无论数据库的版本是SE2还是EE,该表都是一个默认间隔为1个月的分区表。
查看统一审计的AUDSYS Schema的存储内容:(12.2.0.1环境)
SQL> set pagesize 200
SQL> set linesize 200
SQL> col OWNER format a10
SQL> col SEGMENT_NAME format a25
SQL> col SEGMENT_TYPE format a20
SQL> col PARTITION_NAME format a20
SQL> select OWNER,SEGMENT_NAME,SEGMENT_TYPE,PARTITION_NAME,TABLESPACE_NAME,BYTES/1024/1024 "sizeMB"
from DBA_SEGMENTS where OWNER='AUDSYS';
OWNER SEGMENT_NAME SEGMENT_TYPE PARTITION_NAME TABLESPACE sizeMB
---------- ------------------------- -------------------- -------------------- ---------- ----------
AUDSYS AUD$UNIFIED TABLE PARTITION SYS_P201 SYSAUX .0625
AUDSYS AUD$UNIFIED TABLE PARTITION SYS_P268 SYSAUX .875
AUDSYS AUD$UNIFIED TABLE PARTITION SYS_P752 SYSAUX .0625
AUDSYS SYS_IL0000017939C00097$ INDEX PARTITION SYS_IL_P758 SYSAUX .0625
AUDSYS SYS_IL0000017939C00031$ INDEX PARTITION SYS_IL_P756 SYSAUX .0625
AUDSYS SYS_IL0000017939C00030$ INDEX PARTITION SYS_IL_P754 SYSAUX .0625
AUDSYS SYS_IL0000017939C00097$ INDEX PARTITION SYS_IL_P207 SYSAUX .0625
AUDSYS SYS_IL0000017939C00031$ INDEX PARTITION SYS_IL_P205 SYSAUX .0625
AUDSYS SYS_IL0000017939C00030$ INDEX PARTITION SYS_IL_P203 SYSAUX .0625
AUDSYS SYS_IL0000017939C00097$ INDEX PARTITION SYS_IL_P274 SYSAUX .0625
AUDSYS SYS_IL0000017939C00031$ INDEX PARTITION SYS_IL_P272 SYSAUX .0625
AUDSYS SYS_IL0000017939C00030$ INDEX PARTITION SYS_IL_P270 SYSAUX .0625
AUDSYS SYS_LOB0000017939C00030$ LOB PARTITION SYS_LOB_P202 SYSAUX .125
AUDSYS SYS_LOB0000017939C00031$ LOB PARTITION SYS_LOB_P204 SYSAUX .125
AUDSYS SYS_LOB0000017939C00097$ LOB PARTITION SYS_LOB_P206 SYSAUX .125
AUDSYS SYS_LOB0000017939C00030$ LOB PARTITION SYS_LOB_P269 SYSAUX .125
AUDSYS SYS_LOB0000017939C00031$ LOB PARTITION SYS_LOB_P271 SYSAUX .125
AUDSYS SYS_LOB0000017939C00097$ LOB PARTITION SYS_LOB_P273 SYSAUX .125
AUDSYS SYS_LOB0000017939C00030$ LOB PARTITION SYS_LOB_P753 SYSAUX .125
AUDSYS SYS_LOB0000017939C00031$ LOB PARTITION SYS_LOB_P755 SYSAUX .125
AUDSYS SYS_LOB0000017939C00097$ LOB PARTITION SYS_LOB_P757 SYSAUX .125
通过上面的输出我们可以看到在12.2的环境中,在统一审计的AUDSYS Schema下有AUD$UNIFIED表和分区索引和大数据段。
对于AUD$UNIFIED表的DDL定义,我们可以通过dbms_metadata.get_ddl来查看:
SQL> set pages 0
SQL> set longchunksize 3000
SQL> set long 2000000000
SQL> select dbms_metadata.get_ddl('TABLE','AUD$UNIFIED','AUDSYS') from dual;
SQL>
CREATE TABLE "AUDSYS"."AUD$UNIFIED" SHARING=METADATA
( "INST_ID" NUMBER,
"AUDIT_TYPE" NUMBER,
"SESSIONID" NUMBER,
"PROXY_SESSIONID" NUMBER,
"OS_USER" VARCHAR2(128),
"HOST_NAME" VARCHAR2(128),
"TERMINAL" VARCHAR2(30),
"INSTANCE_ID" NUMBER,
"DBID" NUMBER,
"AUTHENTICATION_TYPE" VARCHAR2(1024),
"USERID" VARCHAR2(128),
"PROXY_USERID" VARCHAR2(128),
"EXTERNAL_USERID" VARCHAR2(1024),
"GLOBAL_USERID" VARCHAR2(32),
"CLIENT_PROGRAM_NAME" VARCHAR2(48),
"DBLINK_INFO" VARCHAR2(4000),
"XS_USER_NAME" VARCHAR2(128),
"XS_SESSIONID" RAW(33),
"ENTRY_ID" NUMBER NOT NULL ENABLE,
"STATEMENT_ID" NUMBER NOT NULL ENABLE,
"EVENT_TIMESTAMP" TIMESTAMP (6) NOT NULL ENABLE,
"ACTION" NUMBER NOT NULL ENABLE,
"RETURN_CODE" NUMBER NOT NULL ENABLE,
"OS_PROCESS" VARCHAR2(16),
"TRANSACTION_ID" RAW(8),
"SCN" NUMBER,
"EXECUTION_ID" VARCHAR2(64),
"OBJ_OWNER" VARCHAR2(128),
"OBJ_NAME" VARCHAR2(128),
"SQL_TEXT" CLOB,
"SQL_BINDS" CLOB,
"APPLICATION_CONTEXTS" VARCHAR2(4000),
"CLIENT_IDENTIFIER" VARCHAR2(64),
"NEW_OWNER" VARCHAR2(128),
"NEW_NAME" VARCHAR2(128),
"OBJECT_EDITION" VARCHAR2(128),
"SYSTEM_PRIVILEGE_USED" VARCHAR2(1024),
"SYSTEM_PRIVILEGE" NUMBER,
"AUDIT_OPTION" NUMBER,
"OBJECT_PRIVILEGES" VARCHAR2(35),
"ROLE" VARCHAR2(128),
"TARGET_USER" VARCHAR2(128),
"EXCLUDED_USER" VARCHAR2(128),
"EXCLUDED_SCHEMA" VARCHAR2(128),
"EXCLUDED_OBJECT" VARCHAR2(128),
"CURRENT_USER" VARCHAR2(128),
"ADDITIONAL_INFO" VARCHAR2(4000),
"UNIFIED_AUDIT_POLICIES" VARCHAR2(4000),
"FGA_POLICY_NAME" VARCHAR2(128),
"XS_INACTIVITY_TIMEOUT" NUMBER,
"XS_ENTITY_TYPE" VARCHAR2(32),
"XS_TARGET_PRINCIPAL_NAME" VARCHAR2(128),
"XS_PROXY_USER_NAME" VARCHAR2(128),
"XS_DATASEC_POLICY_NAME" VARCHAR2(128),
"XS_SCHEMA_NAME" VARCHAR2(128),
"XS_CALLBACK_EVENT_TYPE" VARCHAR2(32),
"XS_PACKAGE_NAME" VARCHAR2(128),
"XS_PROCEDURE_NAME" VARCHAR2(128),
"XS_ENABLED_ROLE" VARCHAR2(128),
"XS_COOKIE" VARCHAR2(1024),
"XS_NS_NAME" VARCHAR2(128),
"XS_NS_ATTRIBUTE" VARCHAR2(4000),
"XS_NS_ATTRIBUTE_OLD_VAL" VARCHAR2(4000),
"XS_NS_ATTRIBUTE_NEW_VAL" VARCHAR2(4000),
"DV_ACTION_CODE" NUMBER,
"DV_ACTION_NAME" VARCHAR2(30),
"DV_EXTENDED_ACTION_CODE" NUMBER,
"DV_GRANTEE" VARCHAR2(128),
"DV_RETURN_CODE" NUMBER,
"DV_ACTION_OBJECT_NAME" VARCHAR2(128),
"DV_RULE_SET_NAME" VARCHAR2(90),
"DV_COMMENT" VARCHAR2(4000),
"DV_FACTOR_CONTEXT" VARCHAR2(4000),
"DV_OBJECT_STATUS" VARCHAR2(1),
"OLS_POLICY_NAME" VARCHAR2(128),
"OLS_GRANTEE" VARCHAR2(128),
"OLS_MAX_READ_LABEL" VARCHAR2(4000),
"OLS_MAX_WRITE_LABEL" VARCHAR2(4000),
"OLS_MIN_WRITE_LABEL" VARCHAR2(4000),
"OLS_PRIVILEGES_GRANTED" VARCHAR2(128),
"OLS_PROGRAM_UNIT_NAME" VARCHAR2(128),
"OLS_PRIVILEGES_USED" VARCHAR2(128),
"OLS_STRING_LABEL" VARCHAR2(4000),
"OLS_LABEL_COMPONENT_TYPE" VARCHAR2(12),
"OLS_LABEL_COMPONENT_NAME" VARCHAR2(30),
"OLS_PARENT_GROUP_NAME" VARCHAR2(30),
"OLS_OLD_VALUE" VARCHAR2(4000),
"OLS_NEW_VALUE" VARCHAR2(4000),
"RMAN_SESSION_RECID" NUMBER,
"RMAN_SESSION_STAMP" NUMBER,
"RMAN_OPERATION" VARCHAR2(20),
"RMAN_OBJECT_TYPE" VARCHAR2(20),
"RMAN_DEVICE_TYPE" VARCHAR2(5),
"DP_TEXT_PARAMETERS1" VARCHAR2(512),
"DP_BOOLEAN_PARAMETERS1" VARCHAR2(512),
"DIRECT_PATH_NUM_COLUMNS_LOADED" NUMBER,
"RLS_INFO" CLOB,
"KSACL_USER_NAME" VARCHAR2(128),
"KSACL_SERVICE_NAME" VARCHAR2(512),
"KSACL_SOURCE_LOCATION" VARCHAR2(48),
"CON_ID" NUMBER
) PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "SYSAUX"
LOB ("SQL_TEXT") STORE AS SECUREFILE (
TABLESPACE "SYSAUX" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT))
LOB ("SQL_BINDS") STORE AS SECUREFILE (
TABLESPACE "SYSAUX" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT))
LOB ("RLS_INFO") STORE AS SECUREFILE (
TABLESPACE "SYSAUX" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT))
PARTITION BY RANGE ("EVENT_TIMESTAMP") INTERVAL (INTERVAL '1' MONTH)
(PARTITION "AUD_UNIFIED_P0" VALUES LESS THAN (TIMESTAMP' 2014-07-01 00:00:00') SEGMENT CREATION DEFERRED
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "SYSAUX"
LOB ("SQL_TEXT") STORE AS SECUREFILE (
TABLESPACE "SYSAUX" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT))
LOB ("SQL_BINDS") STORE AS SECUREFILE (
TABLESPACE "SYSAUX" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT))
LOB ("RLS_INFO") STORE AS SECUREFILE (
TABLESPACE "SYSAUX" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)) )
另一种方法是,通过查看在数据库升级用的脚本catuat.sql 中的内容来了解
$ORACLE_HOME/rdbms/admin/catuat.sql
catuat.sql 的内容摘要:
declare
create_tab_temp_sql varchar2(32000);
timestamp_format varchar2(30);
first_part_timestamp varchar2(30);
partition_interval varchar2(2);
tablespace_clause varchar2(30);
partitioning_clause varchar2(300);
create_table_sql varchar2(32500);
db_edition varchar2(7);
begin
first_part_timestamp := '2014-07-01 00:00:00';
timestamp_format := 'YYYY-MM-DD HH24:MI:SS';
partition_interval := '1';
tablespace_clause := 'TABLESPACE SYSAUX';
partitioning_clause := 'PARTITION BY RANGE (EVENT_TIMESTAMP)
INTERVAL(INTERVAL '||''''||partition_interval||''''||
' MONTH) (PARTITION aud_unified_p0 VALUES LESS THAN
(TO_TIMESTAMP('||''''||first_part_timestamp||''''||', '||
''''||timestamp_format||''''||
')) TABLESPACE SYSAUX) ';
create_tab_temp_sql := 'CREATE TABLE AUDSYS.AUD$UNIFIED (
INST_ID NUMBER,
AUDIT_TYPE NUMBER,
...
DIRECT_PATH_NUM_COLUMNS_LOADED NUMBER,
RLS_INFO CLOB,
KSACL_USER_NAME VARCHAR2(128),
KSACL_SERVICE_NAME VARCHAR2(512),
KSACL_SOURCE_LOCATION VARCHAR2(48),
CON_ID NUMBER
)
LOB (SQL_TEXT, SQL_BINDS, RLS_INFO) STORE AS(TABLESPACE SYSAUX) ';
select edition into db_edition from v$instance;
if db_edition in ('EE', 'HP', 'XP') -- Enterprise Edition Oracle
then -- Create Partitioned table
create_table_sql := create_tab_temp_sql || partitioning_clause||
tablespace_clause;
begin
execute immediate create_table_sql;
EXCEPTION
WHEN OTHERS THEN
IF SQLCODE IN (-00955) AND db_not_122 THEN -- Table already exists
alter_tab_def;
NULL;
ELSE
RAISE;
END IF;
end;
else -- Create Non-Partitioned Table
create_table_sql := create_tab_temp_sql || tablespace_clause;
begin
execute immediate create_table_sql;
EXCEPTION
WHEN OTHERS THEN
IF SQLCODE IN (-00955) AND db_not_122 THEN -- Table already exists
alter_tab_def;
NULL;
ELSE
RAISE;
END IF;
end;
end if;
end;
/
通过上面的输出,可以看到:
1.AUDSYS.AUD$UNIFIED表都是一个默认间隔为1个月的分区表
2.AUDSYS.AUD$UNIFIED是以EVENT_TIMESTAMP列作为分区键
3.和12.1版本一样"SQL_TEXT"和"SQL_BINDS" 列为CLOB类型的存储。
升级后12.1的存储对象(CLI)迁移到12.2的存储对象(AUD$UNIFIED)
在12.2版本上,Oracle提供一个DBMS_AUDIT_MGMT.TRANSFER_UNIFIED_AUDIT_RECORDS 程序包,可以把12.1版本上存储对象(CLI)中的数据迁移到12.2的存储对象(AUD$UNIFIED)中。
参考:
Transfer Unified Audit Records After the Upgrade
版权声明:本文为博主原创文章,转载必须注明出处,本人保留一切相关权力!http://blog.csdn.net/lukeunique
欢迎关注微信订阅号:TeacherWhat
以上是关于Unified Auditing统一审计的存储(12.2)的主要内容,如果未能解决你的问题,请参考以下文章
12c 新特性-统一审计(Unified Auditing)
Oracle LiveLabs实验:DB Security - Unified Auditing