【IT168 技术文档】本文档以安装在NT环境下的ASE12.5.x为例,sybase安装路径为'c:\ase12'
1、创建审计所需的数据库设备和数据库
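use master
go
-- Create the audit database sybsecurity.
-- NOTE(review): the physname values on this page had lost their path
-- separators ('c:ase12dataauditdev1'); they are restored here relative to the
-- install root c:\ase12 -- confirm the directory before running.
-- These devices hold the audit trail, so keep the files readable and writable
-- only by the account that runs ASE.
disk init name = 'auditdev1',physname = 'c:\ase12\data\auditdev1',size = '500m'
go
disk init name = 'auditlog1',physname = 'c:\ase12\data\auditlog1',size = '1000m'
go
-- Data goes on auditdev1 (500 MB); the log goes on its own device auditlog1 (1000 MB).
create database sybsecurity on auditdev1 = 500 log on auditlog1 = 1000
go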
注:sybsecurity库的数据设备不要建太大,便于转储,日志要大一点,以免转储过程中日志空间不足。
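-- Create auditdata, the database that receives the archived audit records.
-- NOTE(review): the physname values on this page had lost their path
-- separators ('c:ase12dataauditdatadev1'); they are restored here relative to
-- the install root c:\ase12 -- confirm the directory before running.
-- The archive is the long-term copy of the audit trail, so keep these files
-- readable and writable only by the account that runs ASE.
disk init name = 'auditdatadev1',physname = 'c:\ase12\data\auditdatadev1',size = '5000m'
go
disk init name = 'auditdatalog1',physname = 'c:\ase12\data\auditdatalog1',size = '1000m'
go
-- Data goes on auditdatadev1 (5000 MB); the log goes on its own device auditdatalog1 (1000 MB).
create database auditdata on auditdatadev1 = 5000 log on auditdatalog1 = 1000
go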
2、设置数据库选项
use sybsecurity
go
-- Truncate the sybsecurity log at every checkpoint so that audit activity
-- cannot fill the log device. With this option on, the log cannot be dumped
-- with dump transaction; recovery relies on full database dumps.
master..sp_dboption sybsecurity ,'trunc log on chkpt',true
go
-- A checkpoint in the affected database makes the option change take effect.
checkpoint
go
use auditdata
go
-- Same log handling for the archive database.
master..sp_dboption auditdata ,'trunc log on chkpt',true
go
-- Needed for the "select ... into auditdata..sysauditdata" that creates the
-- archive table later in this document.
master..sp_dboption auditdata ,'select into/bulkcopy/pllsort',true
go
checkpoint
go
3、执行安装脚本
isql -Usa -P123456 -Spds -ic:\ase12\ASE-12_5\scripts\installsecurity
在UNIX环境下
cd $SYBASE/ASE-12_5/scripts
isql -Usa -Ppassword -Sservername -iinstallsecurity
注:上面的口令和服务器名均为示例值。省略-P参数时isql会提示输入口令,这样口令不会出现在命令行、进程列表和shell历史记录中。
4、重启SYBASE服务
5、初始化和追加第二个审计表所需的数据库设备auditdev2
disk init name = 'auditdev2',physname = 'c:\ase12\data\auditdev2',size = '500m'
go
-- Extend sybsecurity by 500 MB onto the auditdev2 device so that the second
-- audit table has a device of its own.
alter database sybsecurity on auditdev2 = 500
go
6、创建第二个审计表sysaudits_02(上面第3步执行安装脚本时会自动创建审计表sysaudits_01)
-- Add the next audit table on device auditdev2. Per the step heading this
-- becomes sysaudits_02, because the install script already created sysaudits_01.
-- Two tables are needed so auditing can switch tables while the full one is archived.
sp_addaudittable auditdev2
go
7、在转储库中创建与sysaudits_01结构相同的转储表sysauditdata
select * into auditdata..sysauditdata from sybsecurity..sysaudits_01 where 1=2
go
8、在sybsecurity中创建审计表阈值过程
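use sybsecurity
go
/*
** audit_thresh -- threshold procedure for the audit segments.
**
** Runs when free space on an audit segment drops below its threshold.
** It switches auditing to the next audit table, copies the records of the
** table that filled up into auditdata..sysauditdata, and empties that table
** only if the copy succeeded. Always returns 0.
**
** The "insert ... select *" relies on sysauditdata having the same column
** layout as the sysaudits_0x tables.
*/
create procedure audit_thresh
as
begin
    declare @audit_table_number int
    declare @copy_error int

    /*
    ** Read the number of the audit table that is current right now,
    ** i.e. the one that is filling up, before switching away from it.
    */
    select @audit_table_number = scc.value
    from master.dbo.syscurconfigs scc, master.dbo.sysconfigures sc
    where sc.config = scc.config and sc.name = 'current audit table'

    /*
    ** Make the next audit table current. A value of 0 lets the server
    ** pick the next table automatically.
    ** NOTE(review): 'with truncate' empties the table being switched to
    ** if it still holds records, so anything left there un-archived is
    ** discarded at this point. Confirm that this matches the retention policy.
    */
    exec sp_configure 'current audit table', 0, 'with truncate'

    /*
    ** Archive the table that filled up. @@error is captured immediately
    ** after the insert; the source table is truncated only when the copy
    ** reported no error, so a failed archive (for example auditdata out of
    ** space) does not destroy the only copy of those audit records.
    ** The untruncated table must then be archived by hand before auditing
    ** rotates back to it.
    ** NOTE(review): messages printed by a threshold procedure are expected
    ** to go to the ASE error log -- confirm on the target server.
    */
    if @audit_table_number = 1
    begin
        insert auditdata..sysauditdata
        select * from sysaudits_01
        select @copy_error = @@error
        if @copy_error = 0
            truncate table sysaudits_01
        else
            print 'audit_thresh: copy of sysaudits_01 to auditdata..sysauditdata failed; sysaudits_01 was not truncated'
    end
    else if @audit_table_number = 2
    begin
        insert auditdata..sysauditdata
        select * from sysaudits_02
        select @copy_error = @@error
        if @copy_error = 0
            truncate table sysaudits_02
        else
            print 'audit_thresh: copy of sysaudits_02 to auditdata..sysauditdata failed; sysaudits_02 was not truncated'
    end

    return(0)
end
go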
9、将阈值过程追加到每一个审计段
use sybsecurity
go
-- Attach audit_thresh to each audit segment: it runs when free space on the
-- segment falls below 250 pages.
-- NOTE(review): 250 pages is a small margin next to the 1000-record audit
-- queue set in the next step of this document (about 500 KB at a 2K page
-- size, versus roughly 420 KB of queued records). If the procedure cannot
-- finish before the segment fills, 'suspend audit when device full' = 1
-- suspends processes that generate audit events. Confirm the margin under
-- the expected audit load.
sp_addthreshold sybsecurity, aud_seg_01, 250, audit_thresh
go
sp_addthreshold sybsecurity, aud_seg_02, 250, audit_thresh
go
10、调整审计相关配置参数
sp_configure 'audit queue size',1000
go
-- About the 'audit queue size' setting above: each audit record needs 424 bytes
-- of memory; the default is 100 records, raised to 1000 here, which takes about
-- 420 KB. A larger queue lowers the chance that auditing blocks user processes.
-- Records still in the in-memory queue have not yet been written to the audit table.
--
-- 'suspend audit when device full' = 1 makes auditing fail closed: when the
-- audit device is full, processes that generate audit events are suspended
-- rather than audit records being discarded to make room.
sp_configure 'suspend audit when device full',1 --1 is the default value
go
11、设置审计选项
sp_audit "all","sa_role","all","on"
go
--天津联通发来的文档中,要求打开这个审计选项
12、启用审计功能
sp_configure 'auditing',1
go
13、察看审计结果
--最初的审计结果在sybsecurity..sysaudits_01(或sybsecurity..sysaudits_02)中
-- Records that have not been archived yet are in the current audit table.
Select * from sybsecurity..sysaudits_01
go
-- After archiving, the audit records are in auditdata..sysauditdata.
-- NOTE(review): the archive lives outside sybsecurity, so it needs its own
-- access control -- confirm who can select from, or modify, auditdata..sysauditdata.
select * from auditdata..sysauditdata
go
14、如需停用审计功能,命令如下
sp_configure 'auditing',0
go