如何在没有性能和可伸缩性问题的情况下审核数据库活动? [英] How to Audit Database Activity without Performance and Scalability Issues?

问题描述

我需要审核所有数据库活动，而不管它是来自应用程序还是通过其他方式发出一些sql.因此，审核必须在数据库级别进行.有问题的数据库是Oracle.我考虑了通过触发器以及Oracle提供的称为细粒度审核"的方法来进行此操作.在这两种情况下，我们都对特定的表和特定的列进行审核.但是，我们发现当使用这两种方法时，性能确实很糟糕.

I have a need to do auditing all database activity regardless of whether it came from application or someone issuing some sql via other means. So the auditing must be done at the database level. The database in question is Oracle. I looked at doing it via Triggers and also via something called Fine Grained Auditing that Oracle provides. In both cases, we turned on auditing on specific tables and specific columns. However, we found that Performance really sucks when we use either of these methods.

由于围绕数据隐私的法规是绝对必须进行审核，因此我想知道什么是在不显着降低性能的情况下执行此操作的最佳方法.如果有人对此具有特定的Oracle经验，那将是有帮助的，但如果不是只有围绕数据库活动审核的常规实践也可以的话.

Since auditing is an absolute must due to regulations placed around data privacy, I am wondering what is best way to do this without significant performance degradations. If someone has Oracle specific experience with this, it will be helpful but if not just general practices around database activity auditing will be okay as well.

推荐答案

我不确定这是否足够成熟 系统，但是我在监视数据库方面取得了很多成功 使用网络流量嗅探器访问流量.

I'm not sure if it's a mature enough approach for a production system, but I had quite a lot of success with monitoring database traffic using a network traffic sniffer.

将应用程序和数据库之间的原始数据发送给另一个 机器并在那里进行解码和分析.

Send the raw data between the application and database off to another machine and decode and analyse it there.

我使用了PostgreSQL，并对流量进行解码并将其转换为 可以记录的数据库操作流相对 直截了当.我想它可以在任何数据包所在的数据库上工作 格式已记录下来.

I used PostgreSQL, and decoding the traffic and turning it into a stream of database operations that could be logged was relatively straightforward. I imagine it'd work on any database where the packet format is documented though.

主要要点是它不会对数据库本身造成任何额外的负担.

The main point was that it put no extra load on the database itself.

此外，它是被动监视，它记录了所有活动，但是 无法阻止任何操作，因此可能与您要找的不完全一样.

Also, it was passive monitoring, it recorded all activity, but couldn't block any operations, so might not be quite what you're looking for.

这篇关于如何在没有性能和可伸缩性问题的情况下审核数据库活动?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！