How to Audit Database Activity without Performance and Scalability Issues?


Question

I have a need to audit all database activity, regardless of whether it came from an application or someone issuing some SQL via other means. So the auditing must be done at the database level. The database in question is Oracle. I looked at doing it via triggers and also via something called Fine Grained Auditing that Oracle provides. In both cases, we turned on auditing on specific tables and specific columns. However, we found that performance really sucks when we use either of these methods.

Since auditing is an absolute must due to regulations placed around data privacy, I am wondering what the best way is to do this without significant performance degradation. If someone has Oracle-specific experience with this, it will be helpful, but if not, just general practices around database activity auditing will be okay as well.

Recommended answer

I'm not sure if it's a mature enough approach for a production system, but I had quite a lot of success with monitoring database traffic using a network traffic sniffer.

Send the raw data between the application and database off to another machine and decode and analyse it there.

I used PostgreSQL, and decoding the traffic and turning it into a stream of database operations that could be logged was relatively straightforward. I imagine it'd work on any database where the packet format is documented though.

The main point was that it put no extra load on the database itself.

Also, it was passive monitoring: it recorded all activity but couldn't block any operations, so it might not be quite what you're looking for.
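
The decoding step the answer describes, sketched for the PostgreSQL v3 client-to-server message framing; this is an added example, not the answerer's code. It assumes the TCP stream has already been reassembled and is unencrypted (a TLS-protected connection cannot be decoded passively this way); the function names and the sample capture are constructed for illustration.

```python
import struct

PROTOCOL_3_0 = 196608  # version code carried in the startup packet

def _cstr(buf, off):
    end = buf.index(b"\x00", off)  # strings on the wire are NUL-terminated
    return buf[off:end].decode("utf-8", "replace"), end + 1

def decode_frontend(stream):
    """Decode client-to-server bytes into audit events; returns (events, leftover)."""
    events, pos = [], 0
    # The startup packet has no type byte: Int32 length, Int32 version, key/value pairs.
    if len(stream) >= 8:
        length, code = struct.unpack_from("!II", stream, 0)
        if code == PROTOCOL_3_0 and 8 <= length <= len(stream):
            f = stream[8:length].split(b"\x00")
            params = {k.decode(): v.decode() for k, v in zip(f[0::2], f[1::2]) if k}
            events.append(("startup", params.get("user"), params.get("database")))
            pos = length
    # Every later message: 1-byte type, Int32 length (counts itself, not the type byte).
    while pos + 5 <= len(stream):
        mtype = stream[pos:pos + 1]
        (length,) = struct.unpack_from("!I", stream, pos + 1)
        if length < 4:
            raise ValueError(f"corrupt length at offset {pos}")
        end = pos + 1 + length
        if end > len(stream):
            break  # message split across captures; prepend leftover to the next chunk
        body = stream[pos + 5:end]
        if mtype == b"Q":    # simple query: one SQL string
            events.append(("query", _cstr(body, 0)[0]))
        elif mtype == b"P":  # extended-protocol Parse: statement name, then SQL
            name, off = _cstr(body, 0)
            events.append(("parse", name, _cstr(body, off)[0]))
        elif mtype == b"X":
            events.append(("terminate",))
        # Other types (Bind, Execute, password messages) are skipped, not logged.
        pos = end
    return events, stream[pos:]

def _msg(mtype, payload):
    return mtype + struct.pack("!I", len(payload) + 4) + payload

# Constructed sample capture, not real traffic.
_params = b"user\x00alice\x00database\x00hr\x00\x00"
SAMPLE = (struct.pack("!II", 8 + len(_params), PROTOCOL_3_0) + _params
          + _msg(b"Q", b"SELECT ssn FROM employees WHERE id = 7\x00")
          + _msg(b"P", b"s1\x00UPDATE employees SET salary = $1 WHERE id = $2\x00\x00\x00")
          + _msg(b"X", b""))
```

Calling `decode_frontend(SAMPLE)` yields one event per decoded message, which an audit collector on the monitoring machine would timestamp and write to its log.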
