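Preface: the goal is to record the client IP address when an Oracle logon succeeds, and to record the source IP address when a logon fails.
1. Create a trigger that records the IP address of each client that logs on successfully
As everyone knows, v$session records the client machine name but not its IP address. So how can the client IP be recorded? First run the DBMS_SESSION package call to register it, then create the on_logon_trigger trigger. After that, whenever a client logs on, the client_info column of v$session holds its IP address.
Using the DBMS_SESSION package, first run: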
```sql
BEGIN
  DBMS_SESSION.set_identifier(SYS_CONTEXT('USERENV', 'IP_ADDRESS'));
END;
/
```
Then create the trigger:
```sql
create or replace trigger on_logon_trigger
after logon on database
begin
  dbms_application_info.set_client_info(sys_context('userenv', 'ip_address'));
end;
/
```
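Running these package calls and creating the trigger requires DBA privileges.
2. Then log in as a super administrator with PL/SQL Developer to see the IP addresses of the sessions connected to Oracle:
Run the query: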
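```sql
-- client_info holds each session's IP as stored by on_logon_trigger.
-- ipadd is evaluated for the session running this query, so it shows
-- that session's own IP on every row.
select username, program, machine, client_info,
       sys_context('userenv', 'ip_address') as ipadd
  from v$session s
 where username is not null
 order by username, program, machine;
```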
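The result looks like this:
3. Create a trigger that logs failed logon attempts:
Write a trigger whose output goes to the alert log; the details of failed logons can then be read from the alert log.
The trigger is as follows: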
```sql
CREATE OR REPLACE TRIGGER logon_denied_to_alert
AFTER servererror ON DATABASE
DECLARE
  message   VARCHAR2(168);
  ip        VARCHAR2(15);
  v_os_user VARCHAR2(80);
  v_module  VARCHAR2(50);
  v_action  VARCHAR2(50);
  v_pid     VARCHAR2(10);
  v_sid     NUMBER;
  v_program VARCHAR2(48);
BEGIN
  -- ORA-01017: invalid username/password; logon denied
  IF (ora_is_servererror(1017)) THEN
    -- get ip FOR remote connections :
    IF upper(sys_context('userenv', 'network_protocol')) = 'TCP' THEN
      ip := sys_context('userenv', 'ip_address');
    END IF;
    -- SID of the session that raised the error
    SELECT sid INTO v_sid FROM sys.v_$mystat WHERE rownum < 2;
    -- OS process id of the server process and the client program name
    SELECT p.spid, v.program
      INTO v_pid, v_program
      FROM v$process p, v$session v
     WHERE p.addr = v.paddr
       AND v.sid = v_sid;
    v_os_user := sys_context('userenv', 'os_user');
    dbms_application_info.read_module(v_module, v_action);
    message := to_char(SYSDATE, 'YYYYMMDD HH24MISS') ||
               ' logon denied from ' || nvl(ip, 'localhost') || ' ' ||
               v_pid || ' ' || v_os_user || ' with ' || v_program || ' – ' ||
               v_module || ' ' || v_action;
    -- destination 2 = alert log
    sys.dbms_system.ksdwrt(2, message);
  END IF;
END;
/
```
Compiling it fails with:
```
Compilation errors for TRIGGER POWERDESK.LOGON_DENIED_TO_ALERT

Error: PLS-00201: identifier 'SYS.DBMS_SYSTEM' must be declared
Line: 35
Text: sys.dbms_system.ksdwrt(2, message);

Error: PL/SQL: Statement ignored
Line: 35
Text: sys.dbms_system.ksdwrt(2, message);
```
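The trigger owner needs execute privilege on the package:
```sql
grant execute on sys.dbms_system to powerdesk;
```
After that the trigger compiled successfully. DBMS_SYSTEM is an undocumented SYS package that contains far more than ksdwrt, so limit this grant to the schema that owns the trigger.
4. View the alert log after a failed logon
Log in with PL/SQL Developer, as shown in the figure below:
Then check the alert log on the server; the failed logons are recorded there: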
```
Fri May 15 19:11:09 2015
20150515 191109 logon denied from 192.168.120.169 20934 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191109 logon denied from 192.168.120.169 20934 Administrator with plsqldev.exe ? plsqldev.exe
Fri May 15 19:11:18 2015
20150515 191118 logon denied from 192.168.120.169 20958 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191118 logon denied from 192.168.120.169 20958 Administrator with plsqldev.exe ? plsqldev.exe
```
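Once failed logons land in the alert log in this layout, they can be scanned for repeated failures from one source. The script below is an added example, not part of the original post: the function names, the threshold, the 5-minute window and the sample lines (documentation IP ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout written by the trigger: "<YYYYMMDD HH24MISS> logon denied from <ip> <spid> <os_user> with <program> ..."
LINE_RE = re.compile(r"^(?P<ts>\d{8} \d{6}) logon denied from (?P<ip>\S+) "
                     r"(?P<spid>\d+) (?P<os_user>.*?) with (?P<rest>.*)$")
# Constructed sample: includes a date banner and one entry written twice, as in the excerpt above.
SAMPLE = """\
Fri May 15 19:11:09 2015
20150515 191109 logon denied from 192.0.2.10 20934 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191109 logon denied from 192.0.2.10 20934 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191118 logon denied from 192.0.2.10 20958 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191140 logon denied from 192.0.2.10 20971 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191200 logon denied from 198.51.100.7 21002 oracle with sqlplus ? sqlplus
20150515 193000 logon denied from 192.0.2.10 21100 Administrator with plsqldev.exe ? plsqldev.exe
""".splitlines()

def parse_denied(lines):
    """Return unique (timestamp, ip, spid, os_user) events; other lines are skipped."""
    events = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # date banners and unrelated alert-log messages
        try:
            ts = datetime.strptime(m["ts"], "%Y%m%d %H%M%S")
        except ValueError:
            continue  # digits that do not form a valid date/time
        # Assumption: same second + ip + spid + user is one attempt written twice.
        events[(ts, m["ip"], m["spid"], m["os_user"])] = None
    return list(events)  # dict keys keep first-seen order

def noisy_sources(events, threshold=3, window=timedelta(minutes=5)):
    """Map each source IP to its peak failure count within any window, if >= threshold."""
    by_ip = defaultdict(list)
    for ts, ip, _spid, _user in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged
```

Calling `noisy_sources(parse_denied(SAMPLE))` flags 192.0.2.10 with three failures inside five minutes; the later 19:30 failure and the single failure from 198.51.100.7 stay below the threshold.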