Oracle 参数 AUDIT_SYSLOG_LEVEL 官方解释,作用,如何配置最优化建议
本站中文解释
AUDIT_SYSLOG_LEVEL是Audit Vault和Database Firewall中用于控制syslog消息级别的参数。该参数可以控制标准audit_syslog输出消息级别,允许被记录的日志消息类型可以被定制。
可用的参数范围有:
• 0(EMERGENCY):表示紧急情况,系统操作将受到影响和崩溃,所有用户将立即受到影响;
• 1(ALERT):表示需要立即采取行动;
• 2(CRITICAL):表示重要情况,表现为严重性问题,当前操作受阻;
• 3(ERROR):表示错误,仍然允许操作继续进行,但是对系统性能或功能有限制;
• 4(WARNING):表示存在潜在风险,但仍不影响系统性能或功能;
• 5(NOTICE):表示重要情况,但不会产生严重影响;
• 6(INFORMATIONAL):表示提示信息,比如信息服务的启动和停止;
• 7(DEBUG):表示调试信息,用于调试目的;
正确设置Oracle参数AUDIT_SYSLOG_LEVEL的方法如下:
1.登录到目标数据库,使用SQL*Plus命令窗口;
2.使用’alter system set audit_syslog_level= scope=spfile’语句设置audit_syslog_level值,其中为您想设置的日志级别,可以是0-7范围内的任何值;
3.使用’shutdown immediate’语句关闭当前的数据库实例;
4.使用’startup’语句重新启动数据库实例;
5.使用’show parameter audit_syslog_level’命令检查参数是否已成功设置。
官方英文解释
AUDIT_SYSLOG_LEVEL allows SYS and standard OS audit records to be written to the system audit log using the SYSLOG utility.
| Property | Description |
|---|---|
|
Parameter type |
String |
|
Syntax |
|
|
Syntax |
facility_clause::=
|
|
Syntax |
priority_clause::=
|
|
Default value |
There is no default value. |
|
Modifiable |
No |
|
Modifiable in a PDB |
No |
|
Basic |
No |
|
Examples |
|
Note:
This parameter is effective when using traditional auditing. Traditional auditing is deprecated in Oracle Database 21c. Oracle recommends that you instead use unified auditing, which enables selective and more effective auditing inside Oracle Database.
-
See Oracle Database Security
Guide for more information about unified auditing. -
See Oracle Database Upgrade
Guide for more information about migrating to unified auditing.
In an Oracle database that has migrated to unified auditing, the setting of this parameter has no effect.
If you use this parameter, it is best to assign a file corresponding to every combination of facility and priority (especially KERN.EMERG) in syslog.conf . Sometimes these are assigned to print to the console in the default syslog.conf file. This can become annoying and will be useless as audit logs. Also, if you use this parameter, it is best to set the maximum length of syslog messages in the system to 512 bytes.
Note:
Audit records written to the system audit log could get truncated to 512 bytes, and different parts of the same audit record may not be joined to get the original complete audit record.
See Also:
Oracle Database Security
Guide for information about configuring syslog auditing
If AUDIT_SYSLOG_LEVEL is set and SYS auditing is enabled (AUDIT_SYS_OPERATIONS = TRUE), then SYS audit records are written to the system audit log. If AUDIT_SYSLOG_LEVEL is set and standard audit records are being sent to the operating system (AUDIT_TRAIL = os), then standard audit records are written to the system audit log.
In a CDB, the scope of the settings for this initialization parameter is the CDB. Although the audit trail is provided per PDB in a CDB, this initialization parameter cannot be configured for individual PDBs.
