Oracle 用户验证日志

1.sysdba/sysoper 权限用户验证日志;
2.非sysdba/sysoper 权限用户验证日志;
3.关于sqlcode;

1.sysdba/sysoper 权限用户验证日志:
在数据库设置了参数 audit_sys_operations=true 的情况下,系统会根据 audit_trail 参数的设置记录 sysdba/sysoper 权限用户日志到 audit_file_dest
参数设置的目录下,记录日志的内容包括(数据库启动操作、登录验证信息、DML操作),其它非 sysdba/sysoper 权限的用户信息会被记录到AUD$表中;
audit_trail 可以设置为:DB、DB,EXTENDED、OS、XML,当audit_trail=xml 时产生的日志数量多慎用;

 SYS@sydb>show parameter audit

 NAME                                 TYPE        VALUE
 ------------------------------------ ----------- ------------------------------
 audit_file_dest                      string      /u01/app/admin/sydb/adump
 audit_sys_operations                 boolean     TRUE
 audit_syslog_level                   string
 audit_trail                          string      DB

 [sywu@wusuyuan ~]$ cd /u01/app/admin/sydb/adump
 [sywu@wusuyuan adump]$ rm *
 [sywu@wusuyuan adump]$ sqlplus / as sysdba
 SYS@sydb>show parameter audit

 查看跟踪文件:
 [sywu@wusuyuan adump]$ ls
 sydb_ora_26587_1.aud
 [sywu@wusuyuan adump]$ cat sydb_ora_26587_1.aud
 Thu May 29 12:48:05 2014 +08:00
 LENGTH : ''
 ACTION :[] 'CONNECT'  --执行操作,相关操作参照 audit_actions 表
 DATABASE USER:[] '/'
 PRIVILEGE :[] 'SYSDBA'
 CLIENT USER:[] 'sywu'
 CLIENT TERMINAL:[] 'pts/0'
 STATUS:[] ''   --状态,登录成功为:'0',失败为:'1017',值是数据库返回的sqlcode,
 DBID:[] ''

 Thu May 29 12:48:05 2014 +08:00
 LENGTH : ''
 ACTION :[] 'BEGIN DBMS_OUTPUT.ENABLE(NULL); END;'
 DATABASE USER:[] '/'
 PRIVILEGE :[] 'SYSDBA'
 CLIENT USER:[] 'sywu'
 CLIENT TERMINAL:[] 'pts/0'
 STATUS:[] ''
 DBID:[] ''

 Thu May 29 12:48:23 2014 +08:00
 LENGTH : ''          --show parameter audit 语句产生的后台查询
 ACTION :[] 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number',        6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER(:NMBIND_SHOW_OBJ) ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM'
 DATABASE USER:[] '/'
 PRIVILEGE :[] 'SYSDBA'
 CLIENT USER:[] 'sywu'
 CLIENT TERMINAL:[] 'pts/0'
 STATUS:[] ''
 DBID:[] ''

如果数据库启动为只读模式,则audit_trail 值默认为:OS;

 AUDIT_TRAIL initialization parameter is changed to OS, as DB,EXTENDED is NOT compatible for database opened with read-only access

2.非sysdba/sysoper 权限用户验证日志:
非sysdba/sysoper 权限用户验证日志会被记录在AUD$系统表上,aud$记录用户验证userId,userhost,action#,comment$text,process#,dbid..,当用户断开连接时
记录用户断开时间(LOGOFF$TIME);

 SYS@sydb> select sessionid,userhost,userid,to_char(TIMESTAMP#,'YYYY-MM-DD HH24:mi:ss')TIMESTAMP,action#,process#,LOGOFF$TIME,RETURNCODE
   2   from aud$ where userid=upper('SYWU');       

  SESSIONID USERHOST        USERID        TIMESTAMP              ACTION# PROCESS#         LOGOFF$TIME         RETURNCODE
 ---------- --------------- ------------- ------------------- ---------- ---------------- ------------------- ----------
 ########## wusuyuan        SYWU                                     101 25404            2014-06-04 12:40:24          0
 ########## wusuyuan        SYWU                                     100 25411                                         0
 ########## wusuyuan        SYWU                                     101 25411            2014-06-04 12:41:18          0
 ########## wusuyuan        SYWU                                     100 25413                                         0
 ########## wusuyuan        SYWU                                     101 25413            2014-06-04 12:46:51          0
 ########## wusuyuan        SYWU                                     100 25444                                         0
 ########## wusuyuan        SYWU                                     101 25444            2014-06-04 12:50:36          0

sys.AUD$ 表所有者是SYS用户,占用SYSTEM表空间,长时间使用会存储很多信息,可以在sysdba权限用户下(截取、删除)数据:

 SYS@sydb>truncate table aud$;

也可以将表存储到其它表空间下:

 SYS@sydb>alter table aud$ move tablespace tbs02;

3.关于sqlcode:
在执行任何sql 时,后台都会返回sqlcode值,执行正确默认返回'0',如果发生错误或异常是返回错误值,类似我们看到的 ORA-00001 错误;

  OPS$LANSTON@sydb>declare
   2     v_date date;
   3     begin
   4     select sysdate into v_date from dual;
   5     dbms_output.put_line('this is v_date value:'||v_date);
   6     dbms_output.put_line('this is database return sqlcode:'||sqlcode);
   7     end;
   8  /
 this is v_date value:2014-06-04 21:12:51
 this is database return sqlcode:0

 PL/SQL procedure successfully completed.

当执行出错时:

 OPS$LANSTON@sydb>   declare
   2     v_date date;
   3     begin
   4     execute immediate 'select tcol from dual' into v_date;
   5
   6    exception when others then
   7      dbms_output.put_line('this is database return sqlcode:'||sqlcode);
   8     dbms_output.put_line('this is database return error message:'||sqlerrm);
   9     end;
  10  /
 this is database return sqlcode:-904
 this is database return error message:ORA-00904: "TCOL": invalid identifier

 PL/SQL procedure successfully completed.

在PL/SQL体内执行DML操作时,建议使用 execute immediate 执行,这样容易捕获错误,并且可以在异常体对异常处理;如上例子如果不使用execute immediate 执行,数据库
在第一时间就抛出错误并终止程序运行;