Database administration - Tips and Tricks (Oracle, SQLServer): September 2016

The following document explains how to switch on database auditing and the audit management packages for Oracle 11.2.

--
-- Set-up Audit Management
--

BEGIN
DBMS_AUDIT_MGMT.init_cleanup(
    audit_trail_type         => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
    default_cleanup_interval => 12 /* hours */);
END;
/

--
-- Check Default Clean Up Interval has been Set and Cleanup is Initialized
--

COLUMN parameter_name FORMAT A30
COLUMN parameter_value FORMAT A20
COLUMN audit_trail FORMAT A20

SELECT * FROM dba_audit_mgmt_config_params WHERE PARAMETER_NAME = 'DEFAULT CLEAN UP INTERVAL'
/

SET SERVEROUTPUT ON
BEGIN
IF DBMS_AUDIT_MGMT.is_cleanup_initialized(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
    DBMS_OUTPUT.put_line('YES');
ELSE
    DBMS_OUTPUT.put_line('NO');
END IF;
END;
/

pause Check the default clean up interval been set and the cleanup has been initialized.

--
-- Set Last Archive Timestamp Values for OS and XML Files.
--

BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS,
last_archive_time => SYSTIMESTAMP-31);
END;
/

BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP-31);
END;
/

BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML,
last_archive_time => SYSTIMESTAMP-31);
END;
/

--
-- Check Last Archive Timestamp Values are Set
--

SELECT * FROM dba_audit_mgmt_last_arch_ts
/

pause Check the last archive timestamp values have been set.

--
-- Set-up Automated Purge Job
--

BEGIN
DBMS_AUDIT_MGMT.create_purge_job(
audit_trail_type           => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
audit_trail_purge_interval => 24 /* hours */,
audit_trail_purge_name     => 'PURGE_ALL_AUDIT_TRAILS',
use_last_arch_timestamp    => TRUE);
END;
/

--
-- Set-up a Job to Move the Last Archive Timestamp Forward Each Day
--

-- Unhash if rerunning code.
--
-- BEGIN
--   SYS.DBMS_SCHEDULER.DROP_JOB
--     (job_name => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD');
-- END;
-- /

BEGIN
SYS.DBMS_SCHEDULER.CREATE_JOB
    (
       job_name        => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
      ,start_date      => TO_TIMESTAMP_TZ('2012/04/13 08:00:00.000000 +01:00','yyyy/mm/dd hh24:mi:ss.ff tzr')
      ,repeat_interval => 'FREQ=DAILY;INTERVAL=1'
      ,end_date        => NULL
      ,job_class       => 'DEFAULT_JOB_CLASS'
      ,job_type        => 'PLSQL_BLOCK'
      ,job_action      => 'BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
    audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS,
    last_archive_time => SYSTIMESTAMP-31);
END;
BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
   audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
   last_archive_time => SYSTIMESTAMP-31);
END;
BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
    audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML,
    last_archive_time => SYSTIMESTAMP-31);
END;'
      ,comments        => NULL
    );
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'RESTARTABLE'
     ,value     => FALSE);
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'LOGGING_LEVEL'
     ,value     => SYS.DBMS_SCHEDULER.LOGGING_OFF);
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'MAX_FAILURES');
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'MAX_RUNS');
BEGIN
    SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
      ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
       ,attribute => 'STOP_ON_WINDOW_CLOSE'
       ,value     => FALSE);
EXCEPTION
    -- could fail if program is of type EXECUTABLE...
    WHEN OTHERS THEN
      NULL;
END;
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'JOB_PRIORITY'
     ,value     => 3);
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE_NULL
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'SCHEDULE_LIMIT');
SYS.DBMS_SCHEDULER.SET_ATTRIBUTE
    ( name      => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD'
     ,attribute => 'AUTO_DROP'
     ,value     => TRUE);

SYS.DBMS_SCHEDULER.ENABLE
    (name                  => 'SYS.MOVE_LAST_TIMESTAMP_FORWARD');
END;
/

--
-- Check the DBMS Scheduler Jobs are Configured.
--

SELECT owner,job_name FROM DBA_SCHEDULER_JOBS WHERE job_name IN ('PURGE_ALL_AUDIT_TRAILS','MOVE_LAST_TIMESTAMP_FORWARD')
/

pause Check the jobs are scheduled.

Database administration - Tips and Tricks (Oracle, SQLServer)

High Availbility

OS & Virtualization

Thursday, September 08, 2016

How to Manage Audit Files and Auditing on 11gr2

SQLServer

MySQL