SQLSERVER2008新增的审核/审计功能
功能
审核
审计
新增
SQLSERVER2008新增的审核/审计功能 很多时候我们都需要对数据库或者数据库服务器实例进行审核/审计 例如对失败的登录次数进行审计,某个数据库上的DDL语句进行审计,某个数据库表里面的delete语句进行审计 事实上,我们这些审计的需求基本上都是为了一个目的
SQLSERVER2008新增的审核/审计功能
很多时候我们都需要对数据库或者数据库服务器实例进行审核/审计
例如对失败的登录次数进行审计,某个数据库上的DDL语句进行审计,某个数据库表里面的delete语句进行审计
事实上,我们这些审计的需求基本上都是为了一个目的:防黑客
上面的这些审计需求无非就是看一下有哪些人试图入侵数据库服务器,入侵了之后是否有drop表,是否有delete数据
在SQLSERVER2008及以前版本可以选择的方案有
1、服务器级别DDL触发器和数据库级别的DDL触发器(SQL2005及以上版本) 以及DML触发器
2、自己手工从事务日志里读取操作记录,权威的书都会说事务日志不是审核工具,一般大型数据库都会设置为简单模式,事务日志截断
3、依靠SQLSERVER ERRORLOG来检查登录审核,导致SQLSERVER ERRORLOG login相关的日志泛滥 导致SQL排错造成困难
4、事件通知:http://www.cnblogs.com/gaizai/p/3473553.html
5、更改跟踪:http://www.cnblogs.com/gaizai/p/3482579.html
6、变更数据捕获(CDC):http://www.cnblogs.com/gaizai/p/3479731.html
我们一般都会把C2 审核跟踪和登录审核里面只限成功的登录,以防止SQL ERRORLOG日志泛滥,因为服务器是很久才重启一次的,如果不做修改很容易造成磁盘爆满
<span>--</span><span>禁用C2 审核跟踪和只限成功的登录</span> <span>EXEC</span> sys.sp_configure N<span>'</span><span>c2 audit mode</span><span>'</span>, N<span>'</span><span>0</span><span>'</span> <span>GO</span> <span>RECONFIGURE</span> <span>WITH</span><span> OVERRIDE </span><span>GO</span> <span>USE</span> <span>[</span><span>master</span><span>]</span> <span>GO</span> <span>EXEC</span> xp_instance_regwrite N<span>'</span><span>HKEY_LOCAL_MACHINE</span><span>'</span>, N<span>'</span><span>Software\Microsoft\MSSQLServer\MSSQLServer</span><span>'</span>, N<span>'</span><span>AuditLevel</span><span>'</span>, REG_DWORD, <span>1</span> <span>GO</span>
登录后复制
SQLSERVER2008新增的审核功能
在sqlserver2008新增了审核功能,可以对服务器级别和数据库级别的操作进行审核/审计,事实上,事件通知、更改跟踪、变更数据捕获(CDC)
都不是用来做审计的,只是某些人乱用这些功能,也正因为乱用这些功能导致踩坑
事件通知:性能跟踪
更改跟踪:用Sync Services来构建偶尔连接的系统
变更数据捕获(CDC):数据仓库的ETL 中的数据抽取(背后使用logreader)
而审核是SQLSERVER专门针对数据库安全的进行的审核,记住,他是专门的!
我们看一下审核的使用方法
审核对象
步骤一:创建审核对象,审核对象是跟保存路径关联的,所以如果你需要把审核操作日志保存到不同的路径就需要创建不同的审核对象
我们把审核操作日志保存在文件系统里,在创建之前我们还要在相关路径先创建好保存的文件夹,我们在D盘先创建sqlaudits文件夹,然后执行下面语句
<span>--</span><span>创建审核对象之前需要切换到master数据库</span> <span>USE</span> <span>[</span><span>master</span><span>]</span> <span>GO</span> <span>CREATE</span> SERVER AUDIT MyFileAudit <span>TO</span> <span>FILE</span>(FILEPATH<span>=</span><span>'D</span><span>:\sqlaudits</span><span>'</span>) <span>--</span><span>这里指定文件夹不能指定文件,生成文件都会保存在这个文件夹</span> <span>GO</span>
登录后复制
实际上,我们在创建审核对象的同时可以指定审核选项,下面是相关脚本
把日志放在磁盘的好处是可以使用新增的TVF:sys.[fn_get_audit_file] 来过滤和排序审核数据,如果把审核数据保存在Windows 事件日志里查询起来非常麻烦
<span>USE</span> <span>[</span><span>master</span><span>]</span> <span>GO</span> <span>CREATE</span> SERVER AUDIT MyFileAudit <span>TO</span> <span>FILE</span><span>( FILEPATH</span><span>=</span><span>'</span><span>D:\sqlaudits</span><span>'</span><span>, MAXSIZE</span><span>=</span><span>4GB, MAX_ROLLOVER_FILES</span><span>=</span><span>6</span><span>) </span><span>WITH</span><span> ( ON_FAILURE</span><span>=</span><span>CONTINUE</span><span>, QUEUE_DELAY</span><span>=</span><span>1000</span><span>); </span><span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(STATE <span>=</span><span>ON</span>)
登录后复制
MAXSIZE:指明每个审核日志文件的最大大小是4GB
MAX_ROLLOVER_FILES:指明滚动文件数目,类似于SQL ERRORLOG,达到多少个文件之后删除前面的历史文件,这里是6个文件
ON_FAILURE:指明当审核数据发生错误时的操作,这里是继续进行审核,如果指定shutdown,那么将会shutdown整个实例
queue_delay:指明审核数据写入的延迟时间,这里是1秒,最小值也是1秒,如果指定0表示是实时写入,当然性能也有一些影响
STATE:指明启动审核功能,STATE这个选项不能跟其他选项共用,所以只能单独一句
在修改审核选项的时候,需要先禁用审核,再开启审核
<span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(STATE <span>=</span><span>OFF</span><span>) </span><span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(QUEUE_DELAY <span>=</span><span>1000</span><span>) </span><span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(STATE <span>=</span><span>ON</span>)
登录后复制
审核规范
在SQLSERVER审核里面有审核规范的概念,一个审核对象只能绑定一个审核规范,而一个审核规范可以绑定到多个审核对象
我们来看一下脚本
<span>CREATE</span><span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile </span><span>FOR</span><span> SERVER AUDIT MyFileAudit </span><span>ADD</span><span> (failed_login_group), </span><span>ADD</span><span> (successful_login_group) </span><span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span> <span>CREATE</span> SERVER AUDIT MyAppAudit <span>TO</span><span> APPLICATION_LOG </span><span>GO</span> <span>ALTER</span> SERVER AUDIT MyAppAudit <span>WITH</span>(STATE <span>=</span><span>ON</span><span>) </span><span>ALTER</span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>ALTER</span><span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile </span><span>FOR</span><span> SERVER AUDIT MyAppAudit </span><span>ADD</span><span> (failed_login_group), </span><span>ADD</span><span> (successful_login_group) </span><span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span>
登录后复制
我们创建一个服务器级别的审核规范CaptureLoginsToFile,然后再创建多一个审核对象MyAppAudit ,这个审核对象会把审核日志保存到Windows事件日志的应用程序日志里
我们禁用审核规范CaptureLoginsToFile,修改审核规范CaptureLoginsToFile属于审核对象MyAppAudit ,修改成功
而如果要把多个审核规范绑定到同一个审核对象则会报错
<span>CREATE</span><span> SERVER AUDIT SPECIFICATION CaptureLoginsToFileA </span><span>FOR</span><span> SERVER AUDIT MyFileAudit </span><span>ADD</span><span> (failed_login_group), </span><span>ADD</span><span> (successful_login_group) </span><span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span> <span>CREATE</span><span> SERVER AUDIT SPECIFICATION CaptureLoginsToFileB </span><span>FOR</span><span> SERVER AUDIT MyFileAudit </span><span>ADD</span><span> (failed_login_group), </span><span>ADD</span><span> (successful_login_group) </span><span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span> <span>--</span><span>消息 33230,级别 16,状态 1,第 86 行</span><span> --</span><span>审核 'MyFileAudit' 的审核规范已经存在。</span>
登录后复制
这里要说一下 :审核对象和审核规范的修改 ,无论是审核对象还是审核规范,在修改他们的相关参数之前,他必须要先禁用,后修改,再启用
<span>--</span><span>禁用审核对象</span> <span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(STATE <span>=</span><span>OFF</span><span>) </span><span>--</span><span>禁用服务器级审核规范</span> <span>ALTER</span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>--</span><span>禁用数据库级审核规范</span> <span>ALTER</span> <span>DATABASE</span> AUDIT SPECIFICATION CaptureDBLoginsToFile <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>--</span><span>相关修改选项操作</span> <span>--</span><span>启用审核对象</span> <span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(STATE <span>=</span><span>ON</span><span>) </span><span>--</span><span>启用服务器级审核规范</span> <span>ALTER</span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile <span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span> <span>--</span><span>启用数据库级审核规范</span> <span>ALTER</span> <span>DATABASE</span> AUDIT SPECIFICATION CaptureDBLoginsToFile <span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span>
登录后复制
审核服务器级别事件
审核服务级别事件,我们一般用得最多的就是审核登录失败的事件,下面的脚本就是审核登录成功事件和登录失败事件
<span>CREATE</span><span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile </span><span>FOR</span><span> SERVER AUDIT MyFileAudit </span><span>ADD</span><span> (failed_login_group), </span><span>ADD</span><span> (successful_login_group) </span><span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span>
登录后复制
修改审核规范
<span>--</span><span>跟审核对象一样,更改审核规范时必须将其禁用</span> <span>ALTER</span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile <span>WITH</span> (STATE <span>=</span><span>OFF</span><span>) </span><span>ALTER</span><span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile </span><span>ADD</span><span> (login_change_password_gourp), </span><span>DROP</span><span> (successful_login_group) </span><span>ALTER</span> SERVER AUDIT SPECIFICATION CaptureLoginsToFile <span>WITH</span> (STATE <span>=</span><span>ON</span><span>) </span><span>GO</span>
登录后复制
审核操作组
每个审核操作组对应一种操作,在SQLSERVER2008里一共有35个操作组,包括备份和还原操作,数据库所有权的更改,从服务器和数据库角色中添加或删除登录用户
添加审核操作组的只需在审核规范里使用ADD,下面语句添加了登录用户修改密码操作的操作组
<span>ADD</span> (login_change_password_gourp)
登录后复制
这里说一下服务器审核的内部实际上使用的是SQL2008新增的扩展事件里面的其中一个package:SecAudit package,当然他内部也是使用扩展事件来收集服务器信息
审核数据库级别事件
数据库审核规范存在于他们的数据库中,不能审核tempdb中的数据库操作
CREATE DATABASE AUDIT SPECIFICATION和ALTER DATABASE AUDIT SPECIFICATION
工作方式跟服务器审核规范一样
在SQLSERVER2008里一共有15个数据库级别的操作组
7个数据库级别的审核操作是:select ,insert,update,delete,execute,receive,references
相关脚本如下:
<span>--</span><span>创建审核对象</span> <span>USE</span> <span>[</span><span>master</span><span>]</span> <span>GO</span> <span>CREATE</span> SERVER AUDIT MyDBFileAudit <span>TO</span> <span>FILE</span>(FILEPATH<span>=</span><span>'</span><span>D:\sqldbaudits</span><span>'</span><span>) </span><span>GO</span> <span>ALTER</span> SERVER AUDIT MyDBFileAudit <span>WITH</span> (STATE<span>=</span><span>ON</span><span>) </span><span>GO</span> <span>--</span><span>创建数据库级别审核规范</span> <span>USE</span> <span>[</span><span>sss</span><span>]</span> <span>GO</span> <span>CREATE</span> <span>DATABASE</span><span> AUDIT SPECIFICATION CaptureDBActionToEventLog </span><span>FOR</span><span> SERVER AUDIT MyDBFileAudit </span><span>ADD</span><span> (database_object_change_group), </span><span>ADD</span> (<span>SELECT</span> ,<span>INSERT</span>,<span>UPDATE</span>,<span>DELETE</span> <span>ON</span> <span>schema</span>::dbo <span>BY</span> <span>PUBLIC</span><span>) </span><span>WITH</span> (STATE <span>=</span><span>ON</span>)
登录后复制
我们先在D盘创建sqldbaudits文件夹
第一个操作组对数据库中所有对象的DDL语句create,alter,drop等进行记录
第二个语句监视由任何public用户(也就是所有用户)对dbo架构的任何对象所做的DML操作
创建完毕之后可以在SSMS里看到相关的审核
数据库审核规范
服务器审核规范和审核对象
查看审核事件
被记录到文件系统的审核文件不是存储在可以利用记事本打开的文本文件中,而是采用二进制文件的方式
这里说一个,当磁盘空间不足的时候是可以直接删除这些SQLAUDIT文件
如果使用DDL触发器的方法:http://www.cnblogs.com/gaizai/p/3363220.html?ADUIN=1815357042&ADSESSION=1387155615&ADTAG=CLIENT.QQ.5275_.0&ADPUBNO=26274
一般都会在数据库里头创建一张表来保存审计数据,但是当表数据量达到很多的时候,DBA也需要去维护这张表
工作量又增加了,可能你会说,我需要审计的项目不多,所以审计的数据也不会太多,但对于某些大公司来说
他们要审计的数据是非常多的,有些需要归档,而有些不需要归档
对于不需要归档审计数据的情况,我比较喜欢这种方式,当磁盘容量不够的时候把最老的那个审计文件删除掉
当然,你可以把整个sqlaudits文件夹或某个sqlaudit文件进行备份,放到备份磁盘上,然后删除一些较老的sqlaudit文件
备份了之后以后就有机会对之前的审计数据进行翻查,都比较灵活
我们有两种方法查看审核日志
方法一:对象资源管理器-》安全性-》审核-》选中某个审核对象-》右键-》查看审核日志
审核项目包括有:日期、时间戳记、服务器实例名称、操作ID、类类型、序列号、成功或失败、列权限、数据库主体ID、服务器主体名称、
服务器主体SID、被执行的(或尝试)的实际语句等等
方法二:使用新的表值函数sys.[fn_get_audit_file]()
此函数接受一个或多个审核文件的参数(使用通配符模式匹配)
并利用另外两个附加参数可以指定要处理的起始文件,以及开始读取审核的已知偏移位置
这两个参数都是可选的,但依然必须使用关键字default指定,此函数随后从文件中读取二进制数据,并将格式化这些审核项目
服务器级别审核
根据最近时间的那个sqlaudit文件,查询这个文件里面的信息
<span>SELECT</span> <span>[</span><span>event_time</span><span>]</span> <span>AS</span> <span>'</span><span>触发审核的日期和时间</span><span>'</span><span> ,
sequence_number </span><span>AS</span> <span>'</span><span>单个审核记录中的记录顺序</span><span>'</span><span> ,
action_id </span><span>AS</span> <span>'</span><span>操作的 ID</span><span>'</span><span> ,
succeeded </span><span>AS</span> <span>'</span><span>触发事件的操作是否成功</span><span>'</span><span> ,
permission_bitmask </span><span>AS</span> <span>'</span><span>权限掩码</span><span>'</span><span> ,
is_column_permission </span><span>AS</span> <span>'</span><span>是否为列级别权限</span><span>'</span><span> ,
session_id </span><span>AS</span> <span>'</span><span>发生该事件的会话的 ID</span><span>'</span><span> ,
server_principal_id </span><span>AS</span> <span>'</span><span>执行操作的登录上下文 ID</span><span>'</span><span> ,
database_principal_id </span><span>AS</span> <span>'</span><span>执行操作的数据库用户上下文 ID</span><span>'</span><span> ,
target_server_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的服务器主体</span><span>'</span><span> ,
target_database_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的数据库主体</span><span>'</span><span> ,
</span><span>object_id</span> <span>AS</span> <span>'</span><span>发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)</span><span>'</span><span> ,
class_type </span><span>AS</span> <span>'</span><span>可审核实体的类型</span><span>'</span><span> ,
session_server_principal_name </span><span>AS</span> <span>'</span><span>会话的服务器主体</span><span>'</span><span> ,
server_principal_name </span><span>AS</span> <span>'</span><span>当前登录名</span><span>'</span><span> ,
server_principal_sid </span><span>AS</span> <span>'</span><span>当前登录名 SID</span><span>'</span><span> ,
database_principal_name </span><span>AS</span> <span>'</span><span>当前用户</span><span>'</span><span> ,
target_server_principal_name </span><span>AS</span> <span>'</span><span>操作的目标登录名</span><span>'</span><span> ,
target_server_principal_sid </span><span>AS</span> <span>'</span><span>目标登录名的 SID</span><span>'</span><span> ,
target_database_principal_name </span><span>AS</span> <span>'</span><span>操作的目标用户</span><span>'</span><span> ,
server_instance_name </span><span>AS</span> <span>'</span><span>审核的服务器实例的名称</span><span>'</span><span> ,
database_name </span><span>AS</span> <span>'</span><span>发生此操作的数据库上下文</span><span>'</span><span> ,
schema_name </span><span>AS</span> <span>'</span><span>此操作的架构上下文</span><span>'</span><span> ,
</span><span>object_name</span> <span>AS</span> <span>'</span><span>审核的实体的名称</span><span>'</span><span> ,
statement </span><span>AS</span> <span>'</span><span>TSQL 语句(如果存在)</span><span>'</span><span> ,
additional_information </span><span>AS</span> <span>'</span><span>单个事件的唯一信息,以 XML 的形式返回</span><span>'</span><span> ,
</span><span>file_name</span> <span>AS</span> <span>'</span><span>记录来源的审核日志文件的路径和名称</span><span>'</span><span> ,
audit_file_offset </span><span>AS</span> <span>'</span><span>包含审核记录的文件中的缓冲区偏移量</span><span>'</span><span> ,
user_defined_event_id </span><span>AS</span> <span>'</span><span>作为 sp_audit_write 参数传递的用户定义事件 ID</span><span>'</span><span> ,
user_defined_information </span><span>AS</span> <span>'</span><span>于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息</span><span>'</span>
<span>FROM</span> sys.<span>[</span><span>fn_get_audit_file</span><span>]</span>(<span>'</span><span>D:\sqlaudits\MyFileAudit_F0BCDC6F-0A89-459D-B345-9DDEB036CC39_0_130595725124220000.sqlaudit</span><span>'</span><span>,
</span><span>DEFAULT</span>, <span>DEFAULT</span><span>)
</span><span>WHERE</span> <span>[</span><span>event_time</span><span>]</span> <span>BETWEEN</span> <span>'</span><span>2014-11-04 11:02:00</span><span>'</span>
<span>AND</span> <span>'</span><span>2014-11-04 11:18:00</span><span>'</span> 登录后复制
数据库级别审核
先执行下面脚本查询一些数据
<span>USE</span> <span>[</span><span>sss</span><span>]</span> <span>GO</span> <span>SELECT</span> <span>*</span> <span>FROM</span> <span>[</span><span>dbo</span><span>]</span>.<span>[</span><span>nums</span><span>]</span>
登录后复制
<span>SELECT</span> <span>[</span><span>event_time</span><span>]</span> <span>AS</span> <span>'</span><span>触发审核的日期和时间</span><span>'</span><span> ,
sequence_number </span><span>AS</span> <span>'</span><span>单个审核记录中的记录顺序</span><span>'</span><span> ,
action_id </span><span>AS</span> <span>'</span><span>操作的 ID</span><span>'</span><span> ,
succeeded </span><span>AS</span> <span>'</span><span>触发事件的操作是否成功</span><span>'</span><span> ,
permission_bitmask </span><span>AS</span> <span>'</span><span>权限掩码</span><span>'</span><span> ,
is_column_permission </span><span>AS</span> <span>'</span><span>是否为列级别权限</span><span>'</span><span> ,
session_id </span><span>AS</span> <span>'</span><span>发生该事件的会话的 ID</span><span>'</span><span> ,
server_principal_id </span><span>AS</span> <span>'</span><span>执行操作的登录上下文 ID</span><span>'</span><span> ,
database_principal_id </span><span>AS</span> <span>'</span><span>执行操作的数据库用户上下文 ID</span><span>'</span><span> ,
target_server_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的服务器主体</span><span>'</span><span> ,
target_database_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的数据库主体</span><span>'</span><span> ,
</span><span>object_id</span> <span>AS</span> <span>'</span><span>发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)</span><span>'</span><span> ,
class_type </span><span>AS</span> <span>'</span><span>可审核实体的类型</span><span>'</span><span> ,
session_server_principal_name </span><span>AS</span> <span>'</span><span>会话的服务器主体</span><span>'</span><span> ,
server_principal_name </span><span>AS</span> <span>'</span><span>当前登录名</span><span>'</span><span> ,
server_principal_sid </span><span>AS</span> <span>'</span><span>当前登录名 SID</span><span>'</span><span> ,
database_principal_name </span><span>AS</span> <span>'</span><span>当前用户</span><span>'</span><span> ,
target_server_principal_name </span><span>AS</span> <span>'</span><span>操作的目标登录名</span><span>'</span><span> ,
target_server_principal_sid </span><span>AS</span> <span>'</span><span>目标登录名的 SID</span><span>'</span><span> ,
target_database_principal_name </span><span>AS</span> <span>'</span><span>操作的目标用户</span><span>'</span><span> ,
server_instance_name </span><span>AS</span> <span>'</span><span>审核的服务器实例的名称</span><span>'</span><span> ,
database_name </span><span>AS</span> <span>'</span><span>发生此操作的数据库上下文</span><span>'</span><span> ,
schema_name </span><span>AS</span> <span>'</span><span>此操作的架构上下文</span><span>'</span><span> ,
</span><span>object_name</span> <span>AS</span> <span>'</span><span>审核的实体的名称</span><span>'</span><span> ,
statement </span><span>AS</span> <span>'</span><span>TSQL 语句(如果存在)</span><span>'</span><span> ,
additional_information </span><span>AS</span> <span>'</span><span>单个事件的唯一信息,以 XML 的形式返回</span><span>'</span><span> ,
</span><span>file_name</span> <span>AS</span> <span>'</span><span>记录来源的审核日志文件的路径和名称</span><span>'</span><span> ,
audit_file_offset </span><span>AS</span> <span>'</span><span>包含审核记录的文件中的缓冲区偏移量</span><span>'</span><span> ,
user_defined_event_id </span><span>AS</span> <span>'</span><span>作为 sp_audit_write 参数传递的用户定义事件 ID</span><span>'</span><span> ,
user_defined_information </span><span>AS</span> <span>'</span><span>于记录用户想要通过使用 sp_audit_write 存储过程记录在审核日志中的任何附加信息</span><span>'</span>
<span>FROM</span> sys.<span>[</span><span>fn_get_audit_file</span><span>]</span>(<span>'</span><span>D:\sqldbaudits\MyDBFileAudit_698BA060-CC40-4A3C-B19D-12B370712404_0_130595753193920000.sqlaudit</span><span>'</span><span>,
</span><span>DEFAULT</span>, <span>DEFAULT</span>)登录后复制
将审核日志保存到文件系统的好处就是可以使用TVP里通过where 和order by对审核数据进行筛选和排序
和审核相关的视图
<span>--</span><span>查询审核相关视图</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>server_file_audits</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>server_audit_specifications</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>server_audit_specification_details</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>database_audit_specifications</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>database_audit_specification_details</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>dm_server_audit_status</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>dm_audit_actions</span><span>]</span> <span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>dm_audit_class_type_map</span><span>]</span>
登录后复制
删除相关对象
<span>--</span><span>删除顺序</span><span> --</span><span>删除数据库审核规范</span> <span>USE</span> <span>[</span><span>sss</span><span>]</span> <span>GO</span> <span>ALTER</span> <span>DATABASE</span> AUDIT SPECIFICATION <span>[</span><span>CaptureDBActionToEventLog</span><span>]</span> <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>DROP</span> <span>DATABASE</span> AUDIT SPECIFICATION <span>[</span><span>CaptureDBActionToEventLog</span><span>]</span> <span>GO</span> <span>--</span><span>删除服务器审核规范</span> <span>USE</span> <span>[</span><span>master</span><span>]</span> <span>GO</span> <span>ALTER</span> SERVER AUDIT SPECIFICATION <span>[</span><span>CaptureLoginsToFile</span><span>]</span> <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>DROP</span> SERVER AUDIT SPECIFICATION <span>[</span><span>CaptureLoginsToFile</span><span>]</span> <span>GO</span> <span>--</span><span>删除审核对象</span> <span>ALTER</span> SERVER AUDIT <span>[</span><span>MyFileAudit</span><span>]</span> <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>ALTER</span> SERVER AUDIT <span>[</span><span>MyAppAudit</span><span>]</span> <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>ALTER</span> SERVER AUDIT <span>[</span><span>MyEventLogAudit</span><span>]</span> <span>WITH</span> (STATE<span>=</span><span>OFF</span><span>) </span><span>GO</span> <span>DROP</span> SERVER AUDIT <span>[</span><span>MyAppAudit</span><span>]</span> <span>GO</span> <span>DROP</span> SERVER AUDIT <span>[</span><span>MyFileAudit</span><span>]</span> <span>GO</span> <span>DROP</span> SERVER AUDIT <span>[</span><span>MyEventLogAudit</span><span>]</span> <span>GO</span>
登录后复制
总结
本文概括介绍了SQLSERVER2008新增的审核功能,在SQLSERVER相关论坛里面“审核”这个话题是大家问得比较多的
希望通过这篇文章,能让大家认识新增的审核功能,在生产环境里面遇到问题也可以互相交流
而审核功能最大的好处是:你使用自建审计表来保存审计数据,如果聪明的黑客攻破你的数据库实例,他自然可以把你的那个审计表
drop掉,你同样查不出黑客的任何蛛丝马迹,而审核不同,他把审核数据放在SQLSERVER外面,除非你们公司的SA和DBA的安全意识
很弱,黑客有机会把磁盘文件删除掉,否则依然有可能查出黑客的蛛丝马迹进行预防!!
CREATE SERVER AUDIT (Transact-SQL)
SQL Server Audit Action Groups and Actions
sys.fn_get_audit_file (Transact-SQL)
如有不对的地方,欢迎大家拍砖o(∩_∩)o
补充:搬迁数据库后,数据库审核规范是不会删除的,你可以在新的数据库实例上再创建审核对象并把审核对象绑定到原来的数据库审核规范
<span>--</span><span>附加数据库,模拟搬迁数据库</span>
<span>USE</span> <span>[</span><span>master</span><span>]</span>
<span>GO</span>
<span>CREATE</span> <span>DATABASE</span> <span>[</span><span>MacFilter</span><span>]</span> <span>ON</span><span>
( FILENAME </span><span>=</span> N<span>'</span><span>E:\DataBase\MacFilter.mdf</span><span>'</span><span> ),
( FILENAME </span><span>=</span> N<span>'</span><span>E:\DataBase\MacFilter_log.ldf</span><span>'</span><span> )
</span><span>FOR</span><span> ATTACH
</span><span>GO</span>
<span>--</span><span>在新实例上重新创建审核对象</span>
<span>CREATE</span> SERVER AUDIT MyFileAudit <span>TO</span> <span>FILE</span><span>(
FILEPATH</span><span>=</span><span>'</span><span>E:\sqlaudits</span><span>'</span><span>,
MAXSIZE</span><span>=</span><span>4GB,
MAX_ROLLOVER_FILES</span><span>=</span><span>6</span><span>)
</span><span>WITH</span><span> (
ON_FAILURE</span><span>=</span><span>CONTINUE</span><span>,
QUEUE_DELAY</span><span>=</span><span>1000</span><span>);
</span><span>ALTER</span> SERVER AUDIT MyFileAudit <span>WITH</span>(STATE <span>=</span><span>ON</span><span>)
</span><span>--</span><span>修改原来的数据库级别审核规范</span>
<span>USE</span> <span>[</span><span>MacFilter</span><span>]</span>
<span>GO</span>
<span>ALTER</span> <span>DATABASE</span> AUDIT SPECIFICATION CaptureDBActionToEventLog <span>WITH</span> (STATE <span>=</span><span>OFF</span><span>)
</span><span>GO</span>
<span>--</span><span>重新绑定</span>
<span>ALTER</span> <span>DATABASE</span><span> AUDIT SPECIFICATION CaptureDBActionToEventLog
</span><span>FOR</span><span> SERVER AUDIT MyFileAudit
</span><span>WITH</span> (STATE <span>=</span><span>ON</span><span>)
</span><span>--</span><span>更新测试</span>
<span>UPDATE</span> <span>[</span><span>Mac_Table</span><span>]</span> <span>SET</span> <span>[</span><span>MAC</span><span>]</span><span>=</span><span>22</span> <span>WHERE</span> <span>[</span><span>PcName</span><span>]</span><span>=</span><span>'</span><span>android_3eb52207eb8b89ee</span><span>'</span>
<span>--</span><span>查询审核数据</span>
<span>SELECT</span> <span>[</span><span>event_time</span><span>]</span> <span>AS</span> <span>'</span><span>触发审核的日期和时间</span><span>'</span><span> ,
sequence_number </span><span>AS</span> <span>'</span><span>单个审核记录中的记录顺序</span><span>'</span><span> ,
action_id </span><span>AS</span> <span>'</span><span>操作的 ID</span><span>'</span><span> ,
succeeded </span><span>AS</span> <span>'</span><span>触发事件的操作是否成功</span><span>'</span><span> ,
permission_bitmask </span><span>AS</span> <span>'</span><span>权限掩码</span><span>'</span><span> ,
is_column_permission </span><span>AS</span> <span>'</span><span>是否为列级别权限</span><span>'</span><span> ,
session_id </span><span>AS</span> <span>'</span><span>发生该事件的会话的 ID</span><span>'</span><span> ,
server_principal_id </span><span>AS</span> <span>'</span><span>执行操作的登录上下文 ID</span><span>'</span><span> ,
database_principal_id </span><span>AS</span> <span>'</span><span>执行操作的数据库用户上下文 ID</span><span>'</span><span> ,
target_server_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的服务器主体</span><span>'</span><span> ,
target_database_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的数据库主体</span><span>'</span><span> ,
</span><span>object_id</span> <span>AS</span> <span>'</span><span>发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)</span><span>'</span><span> ,
class_type </span><span>AS</span> <span>'</span><span>可审核实体的类型</span><span>'</span><span> ,
session_server_principal_name </span><span>AS</span> <span>'</span><span>会话的服务器主体</span><span>'</span><span> ,
server_principal_name </span><span>AS</span> <span>'</span><span>当前登录名</span><span>'</span><span> ,
server_principal_sid </span><span>AS</span> <span>'</span><span>当前登录名 SID</span><span>'</span><span> ,
database_principal_name </span><span>AS</span> <span>'</span><span>当前用户</span><span>'</span><span> ,
target_server_principal_name </span><span>AS</span> <span>'</span><span>操作的目标登录名</span><span>'</span><span> ,
target_server_principal_sid </span><span>AS</span> <span>'</span><span>目标登录名的 SID</span><span>'</span><span> ,
target_database_principal_name </span><span>AS</span> <span>'</span><span>操作的目标用户</span><span>'</span><span> ,
server_instance_name </span><span>AS</span> <span>'</span><span>审核的服务器实例的名称</span><span>'</span><span> ,
database_name </span><span>AS</span> <span>'</span><span>发生此操作的数据库上下文</span><span>'</span><span> ,
schema_name </span><span>AS</span> <span>'</span><span>此操作的架构上下文</span><span>'</span><span> ,
</span><span>object_name</span> <span>AS</span> <span>'</span><span>审核的实体的名称</span><span>'</span><span> ,
statement </span><span>AS</span> <span>'</span><span>TSQL 语句(如果存在)</span><span>'</span><span> ,
additional_information </span><span>AS</span> <span>'</span><span>单个事件的唯一信息,以 XML 的形式返回</span><span>'</span><span> ,
</span><span>file_name</span> <span>AS</span> <span>'</span><span>记录来源的审核日志文件的路径和名称</span><span>'</span><span> ,
audit_file_offset </span><span>AS</span> <span>'</span><span>包含审核记录的文件中的缓冲区偏移量</span><span>'</span>
<span>FROM</span> sys.<span>[</span><span>fn_get_audit_file</span><span>]</span>(<span>'</span><span>e:\sqlaudits\MyFileAudit_149774D4-C5D9-4700-9FA1-AF0E13CED504_0_130595854334250000.sqlaudit</span><span>'</span><span>,
</span><span>DEFAULT</span>, <span>DEFAULT</span>)登录后复制
脚本更新
<span>--</span><span>查看审核结果</span>
<span>--</span><span>--查询服务器审核事件</span>
<span>SELECT</span> fgaf.<span>[</span><span>event_time</span><span>]</span> <span>AS</span> <span>'</span><span>触发审核的日期和时间</span><span>'</span><span> ,
fgaf.sequence_number </span><span>AS</span> <span>'</span><span>单个审核记录中的记录顺序</span><span>'</span><span> ,
fgaf.action_id </span><span>AS</span> <span>'</span><span>操作的 ID</span><span>'</span><span> ,
fgaf.succeeded </span><span>AS</span> <span>'</span><span>触发事件的操作是否成功</span><span>'</span><span> ,
fgaf.permission_bitmask </span><span>AS</span> <span>'</span><span>权限掩码</span><span>'</span><span> ,
fgaf.is_column_permission </span><span>AS</span> <span>'</span><span>是否为列级别权限</span><span>'</span><span> ,
fgaf.session_id </span><span>AS</span> <span>'</span><span>发生该事件的会话的 ID</span><span>'</span><span> ,
fgaf.server_principal_id </span><span>AS</span> <span>'</span><span>执行操作的登录上下文 ID</span><span>'</span><span> ,
fgaf.database_principal_id </span><span>AS</span> <span>'</span><span>执行操作的数据库用户上下文 ID</span><span>'</span><span> ,
fgaf.target_server_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的服务器主体</span><span>'</span><span> ,
fgaf.target_database_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的数据库主体</span><span>'</span><span> ,
fgaf.</span><span>object_id</span> <span>AS</span> <span>'</span><span>发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)</span><span>'</span><span> ,
fgaf.class_type </span><span>AS</span> <span>'</span><span>可审核实体的类型</span><span>'</span><span> ,
</span><span>--</span><span>[dactm].[class_type_desc] AS '可审核实体的类型描述' ,</span>
fgaf.session_server_principal_name <span>AS</span> <span>'</span><span>会话的服务器主体</span><span>'</span><span> ,
fgaf.server_principal_name </span><span>AS</span> <span>'</span><span>当前登录名</span><span>'</span><span> ,
fgaf.server_principal_sid </span><span>AS</span> <span>'</span><span>当前登录名 SID</span><span>'</span><span> ,
fgaf.database_principal_name </span><span>AS</span> <span>'</span><span>当前用户</span><span>'</span><span> ,
fgaf.target_server_principal_name </span><span>AS</span> <span>'</span><span>操作的目标登录名</span><span>'</span><span> ,
fgaf.target_server_principal_sid </span><span>AS</span> <span>'</span><span>目标登录名的 SID</span><span>'</span><span> ,
fgaf.target_database_principal_name </span><span>AS</span> <span>'</span><span>操作的目标用户</span><span>'</span><span> ,
fgaf.server_instance_name </span><span>AS</span> <span>'</span><span>审核的服务器实例的名称</span><span>'</span><span> ,
fgaf.database_name </span><span>AS</span> <span>'</span><span>发生此操作的数据库上下文</span><span>'</span><span> ,
fgaf.schema_name </span><span>AS</span> <span>'</span><span>此操作的架构上下文</span><span>'</span><span> ,
fgaf.</span><span>object_name</span> <span>AS</span> <span>'</span><span>审核的实体的名称</span><span>'</span><span> ,
fgaf.statement </span><span>AS</span> <span>'</span><span>TSQL 语句(如果存在)</span><span>'</span><span> ,
fgaf.additional_information </span><span>AS</span> <span>'</span><span>单个事件的唯一信息,以 XML 的形式返回</span><span>'</span><span> ,
fgaf.</span><span>file_name</span> <span>AS</span> <span>'</span><span>记录来源的审核日志文件的路径和名称</span><span>'</span><span> ,
fgaf.audit_file_offset </span><span>AS</span> <span>'</span><span>包含审核记录的文件中的缓冲区偏移量</span><span>'</span>
<span>FROM</span> sys.<span>[</span><span>fn_get_audit_file</span><span>]</span>(<span>'</span><span>E:\DataBaseAudit\ServerAudit\ServerFileAudit_9E770D97-AD49-466A-8367-7885850200F8_0_130596271711880000.sqlaudit</span><span>'</span><span>,
</span><span>DEFAULT</span>, <span>DEFAULT</span>) <span>AS</span><span> fgaf
</span><span>INNER</span> <span>JOIN</span> sys.<span>[</span><span>dm_audit_class_type_map</span><span>]</span> <span>AS</span> dactm <span>ON</span> <span>[</span><span>dactm</span><span>]</span>.<span>[</span><span>class_type</span><span>]</span> <span>=</span> <span>[</span><span>fgaf</span><span>]</span>.<span>[</span><span>class_type</span><span>]</span>
<span>WHERE</span> fgaf.<span>[</span><span>event_time</span><span>]</span> <span>BETWEEN</span> <span>'</span><span>2014-11-04</span><span>'</span>
<span>AND</span> <span>'</span><span>2014-11-06</span><span>'</span>
<span>ORDER</span> <span>BY</span> fgaf.<span>[</span><span>event_time</span><span>]</span>
<span>--</span><span>--查询某个数据库的审核事件</span>
<span>SELECT</span> fgaf.<span>[</span><span>event_time</span><span>]</span> <span>AS</span> <span>'</span><span>触发审核的日期和时间</span><span>'</span><span> ,
fgaf.sequence_number </span><span>AS</span> <span>'</span><span>单个审核记录中的记录顺序</span><span>'</span><span> ,
fgaf.action_id </span><span>AS</span> <span>'</span><span>操作的 ID</span><span>'</span><span> ,
fgaf.succeeded </span><span>AS</span> <span>'</span><span>触发事件的操作是否成功</span><span>'</span><span> ,
fgaf.permission_bitmask </span><span>AS</span> <span>'</span><span>权限掩码</span><span>'</span><span> ,
fgaf.is_column_permission </span><span>AS</span> <span>'</span><span>是否为列级别权限</span><span>'</span><span> ,
fgaf.session_id </span><span>AS</span> <span>'</span><span>发生该事件的会话的 ID</span><span>'</span><span> ,
fgaf.server_principal_id </span><span>AS</span> <span>'</span><span>执行操作的登录上下文 ID</span><span>'</span><span> ,
fgaf.database_principal_id </span><span>AS</span> <span>'</span><span>执行操作的数据库用户上下文 ID</span><span>'</span><span> ,
fgaf.target_server_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的服务器主体</span><span>'</span><span> ,
fgaf.target_database_principal_id </span><span>AS</span> <span>'</span><span>执行 GRANT/DENY/REVOKE 操作的数据库主体</span><span>'</span><span> ,
fgaf.</span><span>object_id</span> <span>AS</span> <span>'</span><span>发生审核的实体的 ID(服务器对象,DB,数据库对象,架构对象)</span><span>'</span><span> ,
fgaf.class_type </span><span>AS</span> <span>'</span><span>可审核实体的类型</span><span>'</span><span> ,
</span><span>[</span><span>dactm</span><span>]</span>.<span>[</span><span>class_type_desc</span><span>]</span> <span>AS</span> <span>'</span><span>可审核实体的类型描述</span><span>'</span><span> ,
fgaf.session_server_principal_name </span><span>AS</span> <span>'</span><span>会话的服务器主体</span><span>'</span><span> ,
fgaf.server_principal_name </span><span>AS</span> <span>'</span><span>当前登录名</span><span>'</span><span> ,
fgaf.server_principal_sid </span><span>AS</span> <span>'</span><span>当前登录名 SID</span><span>'</span><span> ,
fgaf.database_principal_name </span><span>AS</span> <span>'</span><span>当前用户</span><span>'</span><span> ,
fgaf.target_server_principal_name </span><span>AS</span> <span>'</span><span>操作的目标登录名</span><span>'</span><span> ,
fgaf.target_server_principal_sid </span><span>AS</span> <span>'</span><span>目标登录名的 SID</span><span>'</span><span> ,
fgaf.target_database_principal_name </span><span>AS</span> <span>'</span><span>操作的目标用户</span><span>'</span><span> ,
fgaf.server_instance_name </span><span>AS</span> <span>'</span><span>审核的服务器实例的名称</span><span>'</span><span> ,
fgaf.database_name </span><span>AS</span> <span>'</span><span>发生此操作的数据库上下文</span><span>'</span><span> ,
fgaf.schema_name </span><span>AS</span> <span>'</span><span>此操作的架构上下文</span><span>'</span><span> ,
fgaf.</span><span>object_name</span> <span>AS</span> <span>'</span><span>审核的实体的名称</span><span>'</span><span> ,
fgaf.statement </span><span>AS</span> <span>'</span><span>TSQL 语句(如果存在)</span><span>'</span><span> ,
fgaf.additional_information </span><span>AS</span> <span>'</span><span>单个事件的唯一信息,以 XML 的形式返回</span><span>'</span><span> ,
fgaf.</span><span>file_name</span> <span>AS</span> <span>'</span><span>记录来源的审核日志文件的路径和名称</span><span>'</span><span> ,
fgaf.audit_file_offset </span><span>AS</span> <span>'</span><span>包含审核记录的文件中的缓冲区偏移量</span><span>'</span>
<span>FROM</span> sys.<span>[</span><span>fn_get_audit_file</span><span>]</span>(<span>'</span><span>E:\DataBaseAudit\DBAudit_db\DBFileAudit_db%8O%89095_794BC4B9-4126-4CF7-BDD9-F24D8DA1CE70_0_130596271711960000.sqlaudit</span><span>'</span><span>,
</span><span>DEFAULT</span>, <span>DEFAULT</span>) <span>AS</span><span> fgaf
</span><span>INNER</span> <span>JOIN</span> sys.<span>[</span><span>dm_audit_class_type_map</span><span>]</span> <span>AS</span> dactm <span>ON</span> <span>[</span><span>dactm</span><span>]</span>.<span>[</span><span>class_type</span><span>]</span> <span>=</span> <span>[</span><span>fgaf</span><span>]</span>.<span>[</span><span>class_type</span><span>]</span>
<span>WHERE</span> fgaf.<span>[</span><span>event_time</span><span>]</span> <span>BETWEEN</span> <span>'</span><span>2014-11-04</span><span>'</span>
<span>AND</span> <span>'</span><span>2014-11-06</span><span>'</span>
<span>ORDER</span> <span>BY</span> fgaf.<span>[</span><span>event_time</span><span>]</span>
<span>--</span><span>服务器审核规范详细</span>
<span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>server_audit_specification_details</span><span>]</span>
<span>--</span><span>数据库审核规范详细</span>
<span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>database_audit_specification_details</span><span>]</span>
<span>SELECT</span> <span>*</span> <span>FROM</span> sys.<span>[</span><span>dm_audit_actions</span><span>]</span> 登录后复制
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
热AI工具
Undresser.AI Undress
人工智能驱动的应用程序,用于创建逼真的裸体照片
AI Clothes Remover
用于从照片中去除衣服的在线人工智能工具。
Undress AI Tool
免费脱衣服图片
Clothoff.io
AI脱衣机
AI Hentai Generator
免费生成ai无尽的。
热门文章
刺客信条阴影:贝壳谜语解决方案
3 周前
By DDD
Windows 11 KB5054979中的新功能以及如何解决更新问题
2 周前
By DDD
在哪里可以找到原子中的起重机控制钥匙卡
3 周前
By DDD
节省R.E.P.O.解释(并保存文件)
1 个月前
By 尊渡假赌尊渡假赌尊渡假赌
刺客信条阴影 - 如何找到铁匠,解锁武器和装甲定制
4 周前
By DDD
热工具
记事本++7.3.1
好用且免费的代码编辑器
SublimeText3汉化版
中文版,非常好用
禅工作室 13.0.1
功能强大的PHP集成开发环境
Dreamweaver CS6
视觉化网页开发工具
SublimeText3 Mac版
神级代码编辑软件(SublimeText3)
热门话题
豆包app有什么功能
Mar 01, 2024 pm 10:04 PM
豆包app里会有很多ai创作的功能,那么豆包app有什么功能呢?用户们可以通过这个软件来创作绘画,和ai进行聊天,还能够为用户生成文章,帮助大家搜索歌曲等。这篇豆包app功能介绍就能够告诉大家具体的操作方法,下面就是具体内容,赶紧看看吧!豆包app有什么功能答:可以绘画、聊天、写文、找歌。功能介绍:1、问题查询:可以通过ai来更快的找到问题的答案,什么样的问题都是可以询问。2、图片生成:可以有ai来为大家创建不同的图片,只需要告诉大家大概的要求。3、ai聊天:能够为用户们创建一个可以聊天的ai,
vivox100s和x100区别:性能对比及功能解析
Mar 23, 2024 pm 10:27 PM
vivox100s和x100手机都是vivo手机产品线中的代表机型,它们分别代表了vivo在不同时间段内的高端技术水平,因此这两款手机在设计、性能和功能上均有一定区别。本文将从性能对比和功能解析两个方面对这两款手机进行详细比较,帮助消费者更好地选择适合自己的手机。首先,我们来看vivox100s和x100在性能方面的对比。vivox100s搭载了最新的
对比分析JPA和MyBatis的功能和性能
Feb 19, 2024 pm 05:43 PM
JPA和MyBatis:功能与性能对比分析引言:在Java开发中,持久化框架扮演着非常重要的角色。常见的持久化框架包括JPA(JavaPersistenceAPI)和MyBatis。本文将对这两个框架的功能和性能进行对比分析,并提供具体的代码示例。一、功能对比:JPA:JPA是JavaEE的一部分,提供了一种面向对象的数据持久化解决方案。它通过注解或X
自媒体到底是什么?它的主要特点和功能有哪些?
Mar 21, 2024 pm 08:21 PM
随着互联网的快速发展,自媒体这个概念已经深入人心。那么,自媒体到底是什么?它有哪些主要特点和功能呢?接下来,我们将一一探讨这些问题。一、自媒体到底是什么?自媒体,顾名思义,就是自己就是媒体。它是指通过互联网平台,个人或者团队可以自主创建、编辑、发布和传播内容的信息载体。不同于传统媒体,如报纸、电视、电台等,自媒体具有更强的互动性和个性化,让每个人都能成为信息的生产者和传播者。二、自媒体的主要特点和功能有哪些?1.低门槛:自媒体的崛起降低了进入媒体行业的门槛,不再需要繁琐的设备和专业的团队,一部手
小红书账号管理软件有哪些功能?怎么经营小红书账号?
Mar 21, 2024 pm 04:16 PM
随着小红书在年轻人中的流行,越来越多的人开始利用这一平台分享各方面的经验和生活见解。如何有效管理多个小红书账号成为一个关键问题。在本文中,我们将讨论一些小红书账号管理软件的功能,并探讨如何更好地经营小红书账号。随着社交媒体的发展,许多人发现自己需要管理多个社交账号。对于小红书用户来说,这也是一个挑战。一些小红书账号管理软件可以帮助用户更轻松地管理多个账号,包括自动发布内容、定时发布、数据分析等功能。通过这些工具,用户可以更高效地管理他们的账号,提高账号的曝光率和关注度。另一、小红书账号管理软件有
PHP技巧:快速实现返回上一页功能
Mar 09, 2024 am 08:21 AM
PHP技巧:快速实现返回上一页功能在网页开发中,经常会遇到需要实现返回上一页的功能。这样的操作可以提高用户体验,让用户更加方便地在网页之间进行导航。在PHP中,我们可以通过一些简单的代码来实现这一功能。本文将介绍如何快速实现返回上一页功能,并提供具体的PHP代码示例。在PHP中,我们可以使用$_SERVER['HTTP_REFERER']来获取上一页的URL
什么是Discuz?Discuz的定义和功能介绍
Mar 03, 2024 am 10:33 AM
《探索Discuz:定义、功能及代码示例》随着互联网的迅猛发展,社区论坛已经成为人们获取信息、交流观点的重要平台。在众多的社区论坛系统中,Discuz作为国内较为知名的一种开源论坛软件,备受广大网站开发者和管理员的青睐。那么,什么是Discuz?它又有哪些功能,能为我们的网站提供怎样的帮助呢?本文将对Discuz进行详细介绍,并附上具体的代码示例,帮助读者更
Linux下GDM的功能和作用详解
Mar 01, 2024 pm 04:18 PM
Linux下GDM的功能和作用详解在Linux操作系统中,GDM(GNOMEDisplayManager)是一种图形化登录管理器,它提供了用户在系统中登录和注销的界面。GDM通常是GNOME桌面环境的一部分,但也可以被其他桌面环境所使用。GDM的作用不仅仅是提供一个登录界面,还包括用户会话管理、屏幕保护、自动登录等功能。GDM的功能主要包括以下几个方面:
