Friday, December 26, 2008

Enable Basic Auditing in Oracle 10.0.2

I have a test Oracle instance (10.0.2) running in NOARCHIVELOG mode without any auditing.
In order to enable AUDITing, following are the steps.

Verify the current AUDIT trail settings
First, we will login to the database check the current audit trail settings.
MYSERVER@ORA102>select * from v$version;
BANNER
----------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
Show parameter audit displays the current settings of audit trail in the database.
MYSERVER@ORA102>show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string C:\ORACLE\PRODUCT\10.2.0\ADMIN
\ORA102\ADUMP
audit_sys_operations boolean FALSE
audit_trail string NONE

Note that, the audit_trail parameter is set to NONE and audit_sys_operations is set to FALSE. In this database, both normal auditing and audit_sys_operations are disabled.
Although Oracle will allow us to enable auditing for specific database objects, no audit information will be captured.

Let us take a quick look.
The DBA_AUDIT_TRAIL view shows the audit trail records in the database. This view is one of the several Oracle views to access AUDIT information.
DBA_AUDIT_TRAIL
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_OBJECT
DBA_AUDIT_EXISTS
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS

And more…
Also, we can check what audit options are enabled in our database using one of the following views.
DBA_OBJ_AUDIT_OPTS
ALL_DEF_AUDIT_OPTS
USER_OBJ_AUDIT_OPTS
DBA_STMT_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
MYSERVER@ORA102>select * from dba_obj_audit_opts;
no rows selected
There are no objects being audited, or more accurately, have auditing options in effect.
The AUDIT data is stored in SYS.AUD$ table. It is recommended that this table be not access directly.
MYSERVER@ORA102>select * from dba_audit_trail;
no rows selected
There are currently no audit trail records in our database.
Enable AUDIT trail settings
Now we will create a table, enable auditing for DML on the table, perform some DML and check audit trail.
MYSERVER@ORA102>create table t (c int);
Table created.
MYSERVER@ORA102>audit insert, update, delete on t;
Audit succeeded.
Let us check the DBA_OBJ_AUDIT_OPTS view…
MYSERVER@ORA102>exec print_table('select * from dba_obj_audit_opts');
OWNER : SUDHAKAR
OBJECT_NAME : T
OBJECT_TYPE : TABLE
ALT : -/-
AUD : -/-
COM : -/-
DEL : S/S
GRA : -/-
IND : -/-
INS : S/S
LOC : -/-
REN : -/-
SEL : -/-
UPD : S/S
REF : -/-
EXE : -/-
CRE : -/-
REA : -/-
WRI : -/-
FBK : -/-
-----------------
PL/SQL procedure successfully completed.
Note: print_table is a procedure, developed and made available by Tom Kyte.
This shows that, AUDITING options are in effect for INS, UPD, DEL on table T.
The format of the values (S/S or -/-) indicate the level of auditing if effect.
First position indicates the auditing option for SUCCESSFUL operation and third position for UNSUCCESSFUL operation
-/- indicates no auditing in effect
S/S indicates auditing is by SESSION.
A/A indicates auditing is by ACCESS.
Click here for various options and their effect in
DBA_OBJ_AUDIT_OPTS settings.
MYSERVER@ORA102>insert into t values (1);
1 row created.
MYSERVER@ORA102>commit;
Commit complete.
MYSERVER@ORA102>select * from t;
C
----------
1
MYSERVER@ORA102>select * from dba_audit_trail;
no rows selected
MYSERVER@ORA102>
Note: Although the auditing is in effect for the table T, No audit trail is generated.
AUDIT trail enabling requires DB Restart
Now we will turn on the audit_trail setting system wide.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> alter system set audit_trail=db,extended;
alter system set audit_trail=db,extended
*
ERROR at line 1:
ORA-02095: specified initialization parameter cannot be modified
Note that in 10g this parameter is not modifiable without DB restart.
SQL> alter system set audit_trail=db,extended scope=spfile;
System altered.
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup;
ORACLE instance started.
Total System Global Area 289406976 bytes
Fixed Size 1248600 bytes
Variable Size 92275368 bytes
Database Buffers 192937984 bytes
Redo Buffers 2945024 bytes
Database mounted.
Database opened.
SQL>
DML to validate AUDIT trail settings
Now we will perform some DML on table T and observe the AUDIT trail creation.
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Dec 26 18:10:16 2008
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
MYSERVER@ORA102>select * from dba_audit_trail;
no rows selected
MYSERVER@ORA102>insert into t values (2);
1 row created.
MYSERVER@ORA102>commit;
Commit complete.
MYSERVER@ORA102>select * from t;
C
----------
2
1
MYSERVER@ORA102>exec print_table('select * from dba_audit_trail');
OS_USERNAME : sudhab_c
USERNAME : SUDHAKAR
USERHOST : DIV16\SUDHABC1
TERMINAL : SUDHABC1
TIMESTAMP : 26-dec-2008 18:12:01
OWNER : SUDHAKAR
OBJ_NAME : T
ACTION : 103
ACTION_NAME : SESSION REC
NEW_OWNER :
NEW_NAME :
OBJ_PRIVILEGE :
SYS_PRIVILEGE :
ADMIN_OPTION :
GRANTEE :
AUDIT_OPTION :
SES_ACTIONS : ------S---------
LOGOFF_TIME :
LOGOFF_LREAD :
LOGOFF_PREAD :
LOGOFF_LWRITE :
LOGOFF_DLOCK :
COMMENT_TEXT :
SESSIONID : 46163
ENTRYID : 1
STATEMENTID : 13
RETURNCODE : 0
PRIV_USED :
CLIENT_ID :
ECONTEXT_ID :
SESSION_CPU :
EXTENDED_TIMESTAMP : 26-DEC-08 06.12.01.243000 PM -05:00
PROXY_SESSIONID :
GLOBAL_UID :
INSTANCE_NUMBER : 0
OS_PROCESS : 2900:1612
TRANSACTIONID : 0900050089130000
SCN : 0
SQL_BIND :
SQL_TEXT : insert into t values (2)
-----------------
PL/SQL procedure successfully completed.
MYSERVER@ORA102>
The insert statement created the audit trail.
Verify the current AUDIT trail settings
Note that, the audit trail is enabled at session level.
Posted by No comments:
Labels:

Tuesday, June 17, 2008

ARCHIVELOG Mode - FBA filled up (RMAN)

June 17, 2008
About a month ago, I changed my test database (10g - 10.2) ORCL on windows XP (PRO) into ARCHIVELOG mode.
After not looking at the DB for a month, the FLASH_RECOVERY_AREA (2G) got full and ARCH process was hanging.

I removed some of the "old" archived files to make room… that is when the problem started. This prevents all connections to the database!
Meanwhile, I had been experimenting and learning RMAN and was taking several backups of the database as well.
Then I increased, the FLASH_AREA_RECEOVERY_SIZE to 10G.
Everything was great from then on.

Since I removed some of the OLD archive log files, RMAN was not allowing any more backups.

Current backup status
RMAN> list backup of database;

List of Backup Sets
===================

BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
16 Full 974.02M DISK 00:02:43 15-JUN-08
BP Key: 16 Status: AVAILABLE Compressed: NO Tag: TAG20080615T082927
Piece Name: C:\ORACLE\PRODUCT\10.2.0\FLASH_RECOVERY_AREA\ORCL\BACKUPSET\2008_06_15\
O1_MF_NNNDF_TAG20080615T082927_45B2SJMF_.BKP

List of Datafiles in backup set 16
File LV Type Ckp SCN Ckp Time Name
---- -- ---- ---------- --------- ----
1 Full 32731743 15-JUN-08 C:\ORACLE\PRODUCT\10.2.0\ORADATA\ORCL\SYSTEM01.DBF
2 Full 32731743 15-JUN-08 C:\ORACLE\PRODUCT\10.2.0\ORADATA\ORCL\UNDOTBS01.DBF
3 Full 32731743 15-JUN-08 C:\ORACLE\PRODUCT\10.2.0\ORADATA\ORCL\SYSAUX01.DBF
4 Full 32731743 15-JUN-08 C:\ORACLE\PRODUCT\10.2.0\ORADATA\ORCL\USERS01.DBF
5 Full 32731743 15-JUN-08 C:\ORACLE\PRODUCT\10.2.0\ORADATA\ORCL\EXAMPLE01.DBF

When I try a backup ARCHIVELOG the following error was the result. I must have entered some wrong command along the way.


RMAN> backup archivelog all;

Starting backup at 17-JUN-08
current log archived
using channel ORA_DISK_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of backup command at 06/17/2008 18:08:05
RMAN-06059: expected archived log not found, lost of archived log compromises recoverability
ORA-19625: error identifying file C:\ORACLE\PRODUCT\10.2.0\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2008_05_21\
O1_MF_1_9_439O2L08_.ARC

ORA-27041: unable to open file
OSD-04002: unable to open file
O/S-Error: (OS 3) The system cannot find the path specified.

RMAN> exit;
Recovery Manager complete.

So now to recover and get the maintenance of ARCHIVELOG using RMAN and get some experience I thought I will shut down the database and recover with reset logs.

SHUTDOWN NORMAL command hung…


SQL> shutdown normal;
^C
C:\Documents and Settings\sudhab_c>


I am running version 10G (10.2) and I ran into this problem connecting back to the database.

C:\Documents and Settings\sudhab_c>sqlplus sys/********@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jun 17 18:19:36 2008

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-12528: TNS:listener: all appropriate instances are blocking new connections
Enter user-name: sys
Enter password:
ERROR:
ORA-01090: shutdown in progress - connection is not permitted

Now SHUTDOWN IMMEDIATE and SHUTDOWN ABORT or any other command will not work.
AFTER some late night feverish searches on the net found the following website...
From the website, in response to ORA-12528 message, followed the instructions.
Website: http://dba.ipbhost.com/index.php?showtopic=6136

C:\Documents and Settings\sudhab_c>lsnrctl

LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 17-JUN-2008 18:35:32

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
Start Date 09-MAY-2008 20:13:57
Uptime 38 days 22 hr. 21 min. 36 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File C:\oracle\product\10.2.0\db_1\network\log\listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sudhabc1.div16.ibm.com)(PORT=1521)))
Services Summary...
Service "orcl" has 1 instance(s).
Instance "orcl", status BLOCKED, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
Instance "orcl", status BLOCKED, has 1 handler(s) for this service...
Service "orcl_XPT" has 1 instance(s).
Instance "orcl", status BLOCKED, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
The command completed successfully
LSNRCTL> start
Starting tnslsnr: please wait...

TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
Log messages written to C:\oracle\product\10.2.0\db_1\network\log\listener.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sudhabc1.div16.ibm.com)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
Start Date 17-JUN-2008 18:35:53
Uptime 0 days 0 hr. 0 min. 3 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File C:\oracle\product\10.2.0\db_1\network\log\listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sudhabc1.div16.ibm.com)(PORT=1521)))
The listener supports no services
The command completed successfully
LSNRCTL>


FINALLY back in business:

C:\Documents and Settings\sudhab_c>sqlplus sys/********@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jun 17 19:13:22 2008

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-12528: TNS:listener: all appropriate instances are blocking new connections


Enter user-name:
C:\Documents and Settings\sudhab_c>sqlplus /nolog

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Jun 17 19:14:06 2008

Copyright (c) 1982, 2005, Oracle. All rights reserved.

SQL> alter database stop archive log;
SP2-0640: Not connected
SQL> conn sys/******** as sysdba;
Connected to an idle instance.
SQL> start force;
SP2-0310: unable to open file "force.sql"
SQL> startup force;
ORACLE instance started.

Total System Global Area 289406976 bytes
Fixed Size 1248600 bytes
Variable Size 117441192 bytes
Database Buffers 167772160 bytes
Redo Buffers 2945024 bytes
Database mounted.
Database opened.
SQL>

Now I am trying establish mechanism to maintain archive logs, FLASH_RECOVERY_AREA and sizing using RMAN.
Current Database status as of June 17, 2008 at 20:00 hours.
Database is up, open and running.
Posted by No comments:
Labels: ,
Subscribe to: Posts (Atom)