码迷,mamicode.com
首页 > 数据库 > 详细

【每天一点SYBASE】- audit

时间:2015-04-22 16:15:21      阅读:234      评论:0      收藏:0      [点我收藏+]

标签:sybase   audit   threshold   

  1. close all objects‘ audit

  2. select "exec sp_audit ‘exec_procedure‘,‘all‘,‘" + name +"‘,‘off‘" AS ‘--‘ from sysobjects where audflags !=0 and type in (‘P‘,‘TR‘)
    select "exec sp_audit ‘select‘,‘all‘,‘" + name +"‘,‘off‘" AS ‘--‘ from sysobjects where audflags !=0 and type in (‘U‘,‘V‘)
    select "exec sp_audit ‘insert‘,‘all‘,‘" + name +"‘,‘off‘" AS ‘--‘ from sysobjects where audflags !=0 and type in (‘U‘,‘V‘)
    select "exec sp_audit ‘update‘,‘all‘,‘" + name +"‘,‘off‘" AS ‘--‘ from sysobjects where audflags !=0 and type in (‘U‘,‘V‘)
    select "exec sp_audit ‘delete‘,‘all‘,‘" + name +"‘,‘off‘" AS ‘--‘ from sysobjects where audflags !=0 and type in (‘U‘,‘V‘)
  3. create 3 his_audits tables in DB for archiving

select * into DB..his_audits_01 from sybsecurity..sysaudits_01 where 1=2
select * into DB..his_audits_02 from sybsecurity..sysaudits_02 where 1=2
select * into DB..his_audits_03 from sybsecurity..sysaudits_03 where 1=2


4. set up a cron job for auto archiving every week

#!/bin/sh


. /etc/.syb_password.sh

. /etc/SYBASE.sh


SERVER=$1

USER=snxsa

ERRLOG=‘/logs/sybase/audit_logs_archive.log‘


Usage()

{

        echo "archive_audit_log.sh SERVER"

        exit 0

}



if [ $# -ne 1 ]

then

   Usage

   exit 1

fi



case $SERVER in

    SERVER1)

   PASSWORD=$SERVER1_PASSWORD

;;

    SERVER2)

   PASSWORD=$SERVER2_PASSWORD

;;

*)

Usage

;;

esac


  isql -S$SERVER -U$USER <<+ > $ERRLOG

$PASSWORD

declare @cur_audit_num int

select @cur_audit_num=cur.value from master..sysconfigures con,master..syscurconfigs cur 

where con.config=cur.config

and con.name=‘current audit table‘

if @cur_audit_num =1

exec sp_configure "current audit table",0,"with truncate"

begin

insert into DB..his_audits_01 select * from sybsecurity..sysaudits_01

truncate table sybsecurity..sysaudits_01

end

if @cur_audit_num =2

begin

insert into DB..his_audits_02 select * from sybsecurity..sysaudits_02

truncate table sybsecurity..sysaudits_02

end

if @cur_audit_num =3

begin

insert into DB..his_audits_03 select * from sybsecurity..sysaudits_03

truncate table sybsecurity..sysaudits_03

end

return

+


num=`grep -c ‘Msg|LIB‘ $ERRLOG`

if [ $num -gt 0 ] 

then

  mailx -r"upboy_mi@163.com" -s"$SERVER: Archive audits logs ended at `date` with errors" "upboy_mi@163.com" <$DUMPLOG

else

  mailx -r"upboy_mi@163.com" -s"$SERVER: Archive audits logs finished at `date` ok" "upboy_mi@163.com" <$DUMPLOG

fi


exit 0


5. set up threshold

use sybsystemprocs

go

CREATE PROCEDURE dbo.sp_sybsecurity_audseg_used_80        

AS        

        

declare @dw int, @hour int        

select @dw = datepart(dw,getdate())        

select @hour = datepart(hh,getdate())        

           

execute xp_cmdshell ‘mailx -r"DBA@synnex.com" -s "SERVER1: sybsecurity aud_segment usage is over 80%!" "DBA@synnex.com" < /dev/null ‘ 


go

use sybsecurity

go

exec sp_addthreshold sybsecurity,aud_seg_01,30720,sp_sybsecurity_audseg_used_80

exec sp_addthreshold sybsecurity,aud_seg_02,30720,sp_sybsecurity_logseg_used_80

exec sp_addthreshold sybsecurity,aud_seg_03,30720,sp_sybsecurity_logseg_used_80

--exec sp_addthreshold sybsecurity,logsegment,10240,sp_sybsecurity_logseg_used_80


本文出自 “梦想飞扬” 博客,请务必保留此出处http://upboy.blog.51cto.com/3058036/1636781

【每天一点SYBASE】- audit

标签:sybase   audit   threshold   

原文地址:http://upboy.blog.51cto.com/3058036/1636781

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!