Dameng database audit function
Preface
The audit mechanism is one of the important parts of security management in the DM database management system. DM not only provides data security protection measures, it also provides after-the-fact audit supervision of day-to-day events. DM has a flexible audit subsystem that can record system-level events, the behaviour of individual users and access to database objects. By investigating and tracking the audit information, database auditors can see how users accessed the system and which operations they attempted, and can take targeted, effective countermeasures.
Audit switch
Turn on the general audit switch:

```sql
SP_SET_ENABLE_AUDIT(1);
```

Values of ENABLE_AUDIT:

- ENABLE_AUDIT=0: audit off
- ENABLE_AUDIT=1: general audit on
- ENABLE_AUDIT=2: general audit and real-time audit on
This applies to DM8; on DM7 the call reports an error.
An error is also reported when the procedure is run by any other user.
Solution: log in as the SYSAUDITOR user before running it.
Audit level
Note: only auditors with the AUDIT DATABASE privilege can change audit settings.
The audit settings are stored in the DM dictionary table SYSAUDIT. Each time an audit setting is made, a corresponding record is added to SYSAUDIT; when the audit setting is cancelled, the corresponding record is deleted from SYSAUDIT.

| Audit level | Description |
|---|---|
| System level | Audits system startup and shutdown. This level cannot and need not be configured by the user: as long as the audit switch is on, the corresponding audit records are generated automatically. |
| Statement level | Audits a particular SQL statement or group of statements that affects a particular type of database object. For example, AUDIT TABLE audits statements such as CREATE TABLE, ALTER TABLE and DROP TABLE. |
| Object level | Audits statements that act on specific objects, such as INSERT statements on the TEST table. |
For more information, see the Dameng community: Dameng audit documentation.
Statement level audit
Set up statement level audit
The system procedure for setting statement-level audit is as follows:

```sql
VOID SP_AUDIT_STMT(
    TYPE     VARCHAR(30),   -- statement-level audit option
    USERNAME VARCHAR(128),  -- user name
    WHENEVER VARCHAR(20)    -- audit timing: ALL = always; SUCCESSFUL = when the operation succeeds; FAIL = when the operation fails
)
```
For example:
```sql
SP_AUDIT_STMT('TABLE', 'NULL', 'ALL');          -- audit creation, modification and deletion of tables
SP_AUDIT_STMT('USER', 'SYSDBA', 'SUCCESSFUL');  -- audit users successfully created by SYSDBA
SP_AUDIT_STMT('UPDATE TABLE', 'USER2', 'ALL');  -- audit table modifications by USER2, whether they succeed or fail
SP_AUDIT_STMT('DELETE TABLE', 'USER2', 'ALL');  -- audit table deletions by USER2, whether they succeed or fail
```
Cancel statement level audit
The system procedure for cancelling statement-level audit:

```sql
VOID SP_NOAUDIT_STMT(
    TYPE     VARCHAR(30),
    USERNAME VARCHAR(128),
    WHENEVER VARCHAR(20)
)
```

Its usage is the same as that of the setting procedure.
Object level audit
Set up object level audit
Object-level auditing applies to specific objects, so the schema name and the object name must be given. There are two forms of the procedure, one for a whole table, view or procedure and one for a single column:

```sql
VOID SP_AUDIT_OBJECT(
    TYPE     VARCHAR(30),
    USERNAME VARCHAR(128),
    SCHNAME  VARCHAR(128),
    TVNAME   VARCHAR(128),
    WHENEVER VARCHAR(20)
)

VOID SP_AUDIT_OBJECT(
    TYPE     VARCHAR(30),   -- object-level audit option
    USERNAME VARCHAR(128),  -- user name
    SCHNAME  VARCHAR(128),  -- schema name
    TVNAME   VARCHAR(128),  -- table, view or stored procedure name; must not be empty
    COLNAME  VARCHAR(128),  -- column name
    WHENEVER VARCHAR(20)    -- audit timing
)
```
For example:
```sql
SP_AUDIT_OBJECT('INSERT', 'SYSDBA', 'PERSON', 'ADDRESS', 'SUCCESSFUL');             -- audit successful INSERT operations by SYSDBA on table PERSON.ADDRESS
SP_AUDIT_OBJECT('UPDATE', 'SYSDBA', 'PERSON', 'ADDRESS', 'SUCCESSFUL');             -- audit successful UPDATE operations by SYSDBA on table PERSON.ADDRESS
SP_AUDIT_OBJECT('UPDATE', 'SYSDBA', 'PERSON', 'ADDRESS', 'ADDRESS1', 'SUCCESSFUL'); -- audit successful UPDATE operations by SYSDBA on column ADDRESS1 of table PERSON.ADDRESS
```
Cancel object level audit
```sql
VOID SP_NOAUDIT_OBJECT(
    TYPE     VARCHAR(30),
    USERNAME VARCHAR(128),
    SCHNAME  VARCHAR(128),
    TVNAME   VARCHAR(128),
    WHENEVER VARCHAR(20)
)

VOID SP_NOAUDIT_OBJECT(
    TYPE     VARCHAR(30),
    USERNAME VARCHAR(128),
    SCHNAME  VARCHAR(128),
    TVNAME   VARCHAR(128),
    COLNAME  VARCHAR(128),
    WHENEVER VARCHAR(20)
)
```

Its usage is the same as that of the setting procedure.
Supplementary notes
- As long as the audit function is enabled, system-level audit records are generated;
- During database auditing there is no distinction between auditors: any auditor can audit all database objects and can cancel the audit settings made by other auditors;
- Statement-level audit is not tied to specific objects, only to users;
- Object-level audit covers the specified users on the specified objects;
- When setting an audit, the audit options may be set regardless of whether one option includes another;
- When setting an audit, the audit timing (WHENEVER) may likewise be set regardless of whether one value includes another;
- If a statement executed by a user matches several of the configured audit items, only one audit record is written to the audit file.
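The following script, added here as a worked example and not taken from the original article or from Dameng, walks through one full audit-configuration cycle on DM8 as the SYSAUDITOR user: enable the switch, add statement-level and object-level items, inspect the resulting SYSAUDIT rows, and then cancel each item with the matching SP_NOAUDIT_* call, which takes exactly the same arguments as the SP_AUDIT_* call it undoes. The schema HR, the table HR.EMP, the column SALARY and the user APP_USER are constructed names; the V$DM_INI lookup of ENABLE_AUDIT is an assumption about the dynamic view and is not described on the page.

```sql
-- Added example (not from the original article): audit configuration round trip on DM8.
-- Run as SYSAUDITOR. HR, HR.EMP, SALARY and APP_USER are constructed names.

-- 1. Turn on general auditing and confirm the switch value
--    (V$DM_INI lookup is an assumption, not taken from the article).
SP_SET_ENABLE_AUDIT(1);
SELECT PARA_NAME, PARA_VALUE FROM V$DM_INI WHERE PARA_NAME = 'ENABLE_AUDIT';

-- 2. Statement level: record every CREATE/ALTER/DROP TABLE, and record
--    failed attempts by APP_USER to delete tables.
SP_AUDIT_STMT('TABLE', 'NULL', 'ALL');
SP_AUDIT_STMT('DELETE TABLE', 'APP_USER', 'FAIL');

-- 3. Object level: record successful INSERTs by APP_USER on HR.EMP, and
--    successful UPDATEs of the SALARY column in particular.
SP_AUDIT_OBJECT('INSERT', 'APP_USER', 'HR', 'EMP', 'SUCCESSFUL');
SP_AUDIT_OBJECT('UPDATE', 'APP_USER', 'HR', 'EMP', 'SALARY', 'SUCCESSFUL');

-- 4. Each call above added one row to the dictionary table SYSAUDIT.
SELECT * FROM SYSAUDIT;

-- 5. Cancel in reverse order; argument lists mirror the setting calls exactly.
SP_NOAUDIT_OBJECT('UPDATE', 'APP_USER', 'HR', 'EMP', 'SALARY', 'SUCCESSFUL');
SP_NOAUDIT_OBJECT('INSERT', 'APP_USER', 'HR', 'EMP', 'SUCCESSFUL');
SP_NOAUDIT_STMT('DELETE TABLE', 'APP_USER', 'FAIL');
SP_NOAUDIT_STMT('TABLE', 'NULL', 'ALL');

-- 6. The four rows are gone again.
SELECT * FROM SYSAUDIT;
```

Because any auditor can cancel another auditor's settings, the SYSAUDIT listing in step 4 is worth re-checking periodically: a missing row means someone removed an audit item, and that removal itself leaves no trace beyond the system-level records.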
Audit document management
By default the audit files are stored in the path given by the database's SYSTEM_PATH parameter, that is, the directory where the database resides. Users can also add the AUD_PATH parameter to the dm.ini file to specify a separate storage path for the audit files.
Audit files are named in the format "AUDIT_GUID_<creation time>.log".
As the system runs, audit records keep accumulating and the audit files need more and more disk space, so the audit files must be backed up in good time.
Backup
Steps:
- Open the DM audit analysis tool.
- Configure the connection information and enter the management interface.
- In the audit log view, click Add File, select the audit file under the AUD_PATH directory (if AUD_PATH is not configured, the default is the system path), and click OK.
- Filtering rules can be added to select only the audit information that needs to be backed up.
Delete
System procedure:

```sql
VOID SP_DROP_AUDIT_FILE(
    TIME_STR VARCHAR(128),  -- cut-off time string
    TYPE     INT            -- audit file type: 0 = delete ordinary audit files, 1 = delete real-time audit files
);
```

For example:

```sql
SP_DROP_AUDIT_FILE('2015-12-6 16:30:00', 0); -- delete ordinary audit files created before 2015-12-6 16:30:00
```
Encryption
(omitted)
This concludes the basic introduction to the audit function of the Dameng database.
For more information, please go to Dameng technology community: https://eco.dameng.com