清除統一統計信息, 統計審計不支持直接drop 基表, 但是可以drop partition
SYS@ORCLCDB> alter table AUDSYS.AUD$UNIFIED drop partition AUD_UNIFIED_P0 ; alter table AUDSYS.AUD$UNIFIED drop partition AUD_UNIFIED_P0 * ERROR at line 1: ORA-46385: DML and DDL operations are not allowed on table "AUDSYS"."AUD$UNIFIED". #可以DROP AUD$UNIFIED 的分區 BEGIN DBMS_AUDIT_MGMT.ALTER_PARTITION_INTERVAL( interval_number => 1, interval_frequency => 'DAY'); END; / col PARTITION_NAME for a15 col HIGH_VALUE for a40 select partition_name,INTERVAL,HIGH_VALUE from dba_tab_partitions where table_name='AUD$UNIFIED'; alter session set tracefile_identifier='10046'; alter session set max_dump_file_size = UNLIMITED; alter session set timed_statistics=true; alter session set events '10046 trace name context forever, level 12'; BEGIN DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, use_last_arch_timestamp => TRUE); END; / alter session set events '10046 trace name context off'; select * from v$diag_info where name like 'Default Trace File%'; select partition_name,INTERVAL,HIGH_VALUE from dba_tab_partitions where table_name='AUD$UNIFIED'; grep DROP /refresh/home/app/12.2.0.1/oracle/diag/rdbms/orcl12201/orcl12201/trace/orcl12201_ora_6340_10046.trc [root@elk-master ~]# grep DROP /opt/oracle/diag/rdbms/orclcdb/ORCLCDB/trace/ORCLCDB_ora_183361_10046.trc CALL DBMS_PDB_EXEC_SQL('ALTER TABLE AUDSYS.AUD$UNIFIED DROP PARTITION SYS_P181') ALTER TABLE AUDSYS.AUD$UNIFIED DROP PARTITION SYS_P181
設置清除歸檔時間戳記 :
BEGIN DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, LAST_ARCHIVE_TIME => '11-MAY-2020 06:30:00.00', RAC_INSTANCE_NUMBER => 1, CONTAINER => DBMS_AUDIT_MGMT.CONTAINER_CURRENT); END; / 參數說明: AUDIT_TRAIL_TYPE指定審核跟蹤類型。DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED將其設置為統一審核跟蹤。 <------------- DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD用於傳統的標准審計跟蹤表AUD$。(此設置不適用於只讀數據庫。) DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD用於傳統的細粒度審核跟蹤表FGA_LOG$。(此設置不適用於只讀數據庫。) DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS用於帶有.aud擴展名的傳統操作系統審核跟蹤文件。(此設置不適用於Windows事件日志條目。) DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML 用於XML傳統操作系統審核跟蹤文件。 LAST_ARCHIVE_TIME指定時間戳YYYY-MM-DD HH:MI:SS.FFUTC格式(協調世界時)AUDIT_TRAIL_UNIFIED,AUDIT_TRAIL_AUD_STD以及AUDIT_TRAIL_FGA_STD,並在當地時區AUDIT_TRAIL_OS和AUDIT_TRAIL_XML。 注意: 時間好像是12小時制 ,上午 '12-OCT-2019 12:00:00.00 AM' 即24小時至的00:00:00 下午 '12-OCT-2019 12:59:59.00 PM' 即24小時至的23:59:59 例: 12小時制當天0晨 SELECT To_date(To_char(Trunc(SYSDATE), 'yyyy/mm/dd hh12:mi:ss'), 'yyyy/mm/dd hh12:mi:ss') FROM dual ; 24小時制當天0晨 SELECT To_date(To_char(Trunc(SYSDATE), 'yyyy/mm/dd hh24:mi:ss'), 'yyyy/mm/dd hh24:mi:ss') FROM dual ; RAC_INSTANCE_NUMBER指定Oracle RAC安裝的實例號。此設置與單實例數據庫無關。 如果指定DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD或DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD審計跟蹤類型,則可以省略該RAC_INSTANCE_NUMBER參數。 這是因為,即使對於Oracle RAC安裝,也只有一個AUD$或一個FGA_LOG$表。默認值為NULL。 您可以通過SHOW PARAMETER INSTANCE_NUMBER在SQL * Plus中發出命令來找到當前實例的實例號。 CONTAINER將時間戳應用於多租戶環境。DBMS_AUDIT_MGMT.CONTAINER_CURRENT指定當前的PDB;DBMS_AUDIT_MGMT.CONTAINER_ALL適用於多租戶環境中的所有PDB。 請注意,您可以從CDBK 設置CONTAINER到DBMS_MGMT.CONTAINER_ALL ,或 在PDB中設置 DBMS_MGMT.CONTAINER_CURRENT 。 select to_char(last_archive_ts, 'yyyy/mm/dd hh24:mi:ss.ff6 TZR TZD') time from dba_audit_mgmt_last_arch_ts; -------------------------------------------------------------------------------- 2019/10/12 06:30:00.000000 +00:00 刪除歸檔時間戳記 : BEGIN DBMS_AUDIT_MGMT.CLEAR_LAST_ARCHIVE_TIMESTAMP( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, CONTAINER => DBMS_AUDIT_MGMT.CONTAINER_CURRENT); END; / 通常,設置時間戳后,可以使用DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL PL / SQL過程刪除在時間戳日期之前創建的審核記錄。 #統計刪之用前有多少行,對是清理后是否 為0 select count(*) from UNIFIED_AUDIT_TRAIL where EVENT_TIMESTAMP < TO_TIMESTAMP('12-OCT-2019 01:00:00','DD-MON-RRRR HH24:MI:SS') ; #執行了幾次清理操作 select count(*) from UNIFIED_AUDIT_TRAIL where OBJECT_NAME='DBMS_AUDIT_MGMT' and SQL_TEXT LIKE '%DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL%';
手動清理: BEGIN DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, USE_LAST_ARCH_TIMESTAMP => TRUE, CONTAINER => DBMS_AUDIT_MGMT.CONTAINER_CURRENT ); END; / 查看歷史清理記錄 select * from UNIFIED_AUDIT_TRAIL where OBJECT_NAME='DBMS_AUDIT_MGMT' and OBJECT_SCHEMA='SYS' AND SQL_TEXT LIKE '%DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL%';
自動清理: 通過DBMS_AUDIT_MGMT 創建JOB實現 BEGIN DBMS_AUDIT_MGMT.CREATE_PURGE_JOB ( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, AUDIT_TRAIL_PURGE_INTERVAL => 12, AUDIT_TRAIL_PURGE_NAME => 'Audit_Trail_PJ', USE_LAST_ARCH_TIMESTAMP => TRUE, CONTAINER => DBMS_AUDIT_MGMT.CONTAINER_CURRENT); END; / AUDIT_TRAIL_PURGE_INTERVAL 指定運行此清除作業的每小時間隔。計時從您運行該DBMS_AUDIT_MGMT.CREATE_PURGE_JOB過程時開始,在這種情況下,是在您運行此過程后12個小時。 要啟用或禁用審核跟蹤清除作業: BEGIN DBMS_AUDIT_MGMT.SET_PURGE_JOB_STATUS( AUDIT_TRAIL_PURGE_NAME => 'Audit_Trail_PJ', AUDIT_TRAIL_STATUS_VALUE => DBMS_AUDIT_MGMT.PURGE_JOB_ENABLE); END; / --DBMS_AUDIT_MGMT.PURGE_JOB_ENABLE 啟用 --DBMS_AUDIT_MGMT.PURGE_JOB_DISABLE 禁用 設置間隔時間 BEGIN DBMS_AUDIT_MGMT.SET_PURGE_JOB_INTERVAL( AUDIT_TRAIL_PURGE_NAME => 'Audit_Trail_PJ', AUDIT_TRAIL_INTERVAL_VALUE => 24); END; / 刪除清理任務 BEGIN DBMS_AUDIT_MGMT.DROP_PURGE_JOB( AUDIT_TRAIL_PURGE_NAME => 'Audit_Trail_PJ'); END; / 相關視圖: DBA_AUDIT_MGMT_CLEAN_EVENTS 顯示傳統(即非統一)審計跟蹤的清除事件的歷史記錄 統計審計的清除記錄 select * from UNIFIED_AUDIT_TRAIL where OBJECT_NAME='DBMS_AUDIT_MGMT' and OBJECT_SCHEMA='SYS' AND SQL_TEXT LIKE '%DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL%'; DBA_AUDIT_MGMT_CLEANUP_JOBS 顯示當前配置的審核跟蹤清除作業 DBA_AUDIT_MGMT_CONFIG_PARAMS 顯示DBMS_AUDIT_MGMTPL / SQL程序包 使用的當前配置的審核跟蹤屬性 DBA_AUDIT_MGMT_LAST_ARCH_TS 顯示為審計跟蹤清除設置的最后一個歸檔時間戳記