According to the shortcomings of database audit technical, Put forward a method of designing a real time and security risk capacity database audit subsystem based on database sessions. The system records the user's operation behavior, hand the illegal invasion behavior actively, adding the active prevention ability of the audit system, it can advance the "post audit analysis" to "after the timely processing ". The system proved effective in improving the security of databases, protect business and user information.