首先确保Oracle初始化参数audit_trail值为DB或OS,通过“show parameter audit_trail;”查看。

1 语句审计

audit table by test by access;

select * from dba_stmt_audit_opts; --查看是否创建语句审计成功

select * from employee_log;

delete from employee_log where l_date ='2018-09-27 16:15:43';

select * from dba_audit_trail;  --查看审计记录

2 对象审计

audit delete on test.employee_log by access;

select * from dba_obj_audit_opts;  --查看是否创建对象审计成功

select * from employee_log;

delete from employee_log where l_date ='2018-09-27 16:15:43';

select * from dba_audit_trail;  --查看审计记录

3 权限审计

audit select any table;--创建权限审计

--确保当前用户有select any table系统权限

select * from dba_priv_audit_opts;--查看是否创建权限审计成功

select * from employee_log;

select * from dba_audit_trail;  ---查看审计记录

4 精细审计

begin 

dbms_fga.add_policy(

object_schema=>'test',

object_name=>'employee_log',

policy_name=>'fga_test',

audit_column=>'l_date',

enable=>true,

statement_types=>'select'

);

end;   ---创建精细审计

 

select * from dba_audit_policies; --查看是否创建精细审计成功

select * from employee_log where l_date ='2018-09-27 16:15:43';

select * from dba_fga_audit_trail;--查看精细审计记录

select * from employee_log;

select * from dba_fga_audit_trail;