Oracle 11G 监控单张表的增删改操作
栏目:互联网时间:2014-11-11 08:48:36
前言:
线上oraclehttp://www.wfuyu.com/db/有张表的数据有些乱,根据利用db的log和利用的log也没有检查出来谁修改了,所以决定把这张单表做个详细的insert、update、delete监控。
1:使用http://www.wfuyu.com/db/自带的审计功能
1,查看审计功能是不是启动
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /oracle/app/oracle/admin/power
des/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
SQL>
没有开启审计功能,需要自己去开启1下。
2,开启审计功能
需要用sysdba,注意audit_trail要为DB_EXTENDED才记录履行的具体语句...
alter system set audit_sys_operations=TRUE scope=spfile;
SQL> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
SQL>
再次查看审计功能是不是启动
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /oracle/app/oracle/admin/power
des/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
SQL>
需要重启实例才能看到状态。
3,关闭审计功能
SQL> alter system set audit_trail = none scope=spfile;
4,针对某张表的审计功能
AUDIT UPDATE,DELETE,INSERT ON T_TEST by http://www.wfuyu.com/access/;
5,对该张表进行各种DML操作测试
6,查询审计的信息
select EXTENDED_TIMESTAMP,SESSION_ID,SQL_TEXT from DBA_COMMON_AUDIT_TRAIL ORDER BY EXTENDED_TIMESTAMP DESC;
2,采取触发器
看到线上http://www.wfuyu.com/db/load比之前增加蛮多的,为了单张表的监控开启审计比较消耗资源,有些不划算,所以可以采取另外1种办法来做,就是在表上建立触发器。
1,先建立建立测试表:
查看已建立的表 aaa_test与trig_sql。
SQL> describe plas.aaa_test;
Name Null? Type
----------------------------------------- -------- ----------------------------
ID NUMBER
NAME VARCHAR2(100)
LOGIN_TIME DATE
SQL>
SQL> describe plas.trig_sql;
Name Null? Type
----------------------------------------- -------- ----------------------------
LT DATE
SID NUMBER
SERIAL# NUMBER
USERNAME VARCHAR2(30)
OSUSER VARCHAR2(64)
MACHINE VARCHAR2(32)
TERMINAL VARCHAR2(16)
PROGRAM VARCHAR2(64)
SQLTEXT VARCHAR2(2000)
STATUS VARCHAR2(30)
CLIENT_IP VARCHAR2(60)
SQL>
2,并且在 trig_sql表上面添加索引:
create index idx_time on plas.trig_sql (LT);
3,建立触发器
create or replace trigger pri_test
after insert or update or delete on plas.aaa_test
DECLARE
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
IF inserting THEN
INSERT INTO plas.trig_sql
select sysdate,s.SID, s.SERIAL#, s.USERNAME, s.OSUSER,
s.MACHINE, s.TERMINAL, s.PROGRAM, q.sql_text line,
'INSERT',
sys_context('userenv','ip_address')
from v$sql q, v$session s
where s.audsid=(select userenv('SESSIONID') from dual)
and s.prev_sql_addr=q.address
AND s.PREV_HASH_VALUE = q.hash_value;
COMMIT;
ELSIF deleting then
INSERT INTO plas.trig_sql
select sysdate,s.SID, s.SERIAL#, s.USERNAME, s.OSUSER,
s.MACHINE, s.TERMINAL, s.PROGRAM, q.sql_text line,
'DELETE',
sys_context('userenv','ip_address')
from v$sql q, v$session s
------分隔线----------------------------
------分隔线----------------------------