[20200429]記錄不成功的登入在alert檔案.txt

lfree發表於2020-04-29
原文網址 : http://blog.itpub.net/267265/viewspace-2689116/

[20200429]記錄不成功的登入在alert檔案.txt

--//別人的系統要求將不成功的登陸記錄在alert中.自己隨手寫一個.利用sys.DBMS_SYSTEM.ksdwrt函式寫alert的功能。
--//主要原因有一些團隊安裝資料庫沒有將sys.aud$移動到別的表空間,而且11g確實審計登入不管成功失敗。
--//我個人建議根據應用情況修改為取消成功登入審計,並且移動sys.aud$到別的表空間。
NOAUDIT CREATE SESSION WHENEVER SUCCESSFUL;

0.建立觸發器:
/* Formatted on 2020/4/29 9:01:30 (QP5 v5.269.14213.34769) */
CREATE OR REPLACE TRIGGER failed_login_write_alertlog
   AFTER SERVERERROR
   ON DATABASE
DECLARE
   l_message   VARCHAR2 (4000);
BEGIN
   -- add and set client_ip to application_info
   DBMS_APPLICATION_INFO.set_client_info
   (
      NVL (SYS_CONTEXT ('userenv', 'ip_address'), '127.0.0.1')
   );

   -- ORA-1017: invalid username/password
   IF (IS_SERVERERROR (1017))
   THEN
      SELECT    TO_CHAR (SYSDATE, 'yyyy-mm-dd hh24:mi:ss')
             || ': failed login username - '
             || SYS_CONTEXT ('userenv', 'authenticated_identity')
             || ' at '
             || TO_CHAR (logon_time, 'yyyy-mm-dd hh24:mi:ss')
             || ' from '
             || osuser
             || '@'
             || machine
             || ' - '
             || ' ip_address -'
             || NVL (SYS_CONTEXT ('userenv', 'ip_address'), '127.0.0.1')
             || ' via the program - '
             || program
        INTO l_message
        FROM v$session
       WHERE sid IN (SELECT SID
                       FROM v$mystat
                      WHERE ROWNUM =1);

      -- write to alert log
      sys.DBMS_SYSTEM.ksdwrt (2, l_message);
   END IF;
END;
/
--//注:我喜歡使用DBMS_APPLICATION_INFO.set_client_info,這樣v$session欄位CLIENT_INFO記錄IP地址。不喜歡可以去掉那段程式碼。

1.環境:
SYS@book> @ ver1
PORT_STRING                    VERSION        BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx            11.2.0.4.0     Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

2.測試:
sqlplus scott/xxxx
sqlplus scott/xxxx@book
sqlplus scott/xxx@78

3.檢查alert顯示:
$ tail -f alert_book.log | ts.awk
[2020-04-29 09:03:52] Wed Apr 29 09:03:51 2020
[2020-04-29 09:03:52] 2020-04-29 09:03:51: failed login username - scott at 2020-04-29 09:03:51 from oracle@xxyyydg4 -  ip_address -127.0.0.1 via the program - sqlplus@xxyyydg4 (TNS V1-V3)
[2020-04-29 09:04:00] Wed Apr 29 09:03:59 2020
[2020-04-29 09:04:00] 2020-04-29 09:03:59: failed login username - scott at 2020-04-29 09:03:59 from oracle@xxyyydg4 -  ip_address -192.168.100.78 via the program - sqlplus@xxyyydg4 (TNS V1-V3)
[2020-04-29 09:04:44] Wed Apr 29 09:04:43 2020
[2020-04-29 09:04:44] 2020-04-29 09:04:43: failed login username - scott at 2020-04-29 09:04:43 from Administrator@WORKGROUP\BCPxxx -  ip_address -192.168.xx.xx via the program - sqlplus.exe

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/267265/viewspace-2689116/,如需轉載,請註明出處,否則將追究法律責任。

相關文章