前言:实现的功能主要是,oracle登录成功记录登录用户ip地址,登录失败记录登录失败ip地址
1,需要建立一个触发器记录登录成功的客户端用户的ip地址
大家都知道在v$session 中记录着客户端的机器名称,但是没有IP , 如果记录clinet ip 呢?先运行DBMS_SESSION 过程包注册,然后执行存储过程on_logon_trigger,这样当客户端登陆后,在v$session的client_info列会记录其相应的IP信息。
利用 DBMS_SESSION 过程包,先执行
1
2
3
4
5
|
BEGIN
DBMS_SESSION.set_identifier(SYS_CONTEXT(
'USERENV'
,
'IP_ADDRESS'
));
END;
|
再执行触发器trigger
1
2
3
4
5
6
7
8
9
|
createorreplacetrigger on_logon_trigger
after logon ondatabase
begin
dbms_application_info.set_client_info(sys_context(
'userenv'
,
'ip_address'
) );
end;
|
执行这些过程包触发器需要dba权限。
2,然后使用超级管理员通过plsql登录,就可以查看连接上oracle的ip信息:
执行查询SQL:
1
2
3
4
5
6
7
|
select username,program,machine,client_info,sys_context(
'userenv'
,
'ip_address'
) as ipadd
from v$session s
where username isnotnull
orderby username,program,machine;
|
信息如下所示:
3,建立触发器实现登录失败的时候记录日志信息:
写一个触发器,触发器的信息记录在alert日志里面,通过查看alert日志来获取登录失败的用户信息。
触发器如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
CREATE OR REPLACE TRIGGERlogon_denied_to_alert
AFTER servererror ON DATABASE
DECLARE
message VARCHAR2(
168
);
ip VARCHAR2(
15
);
v_os_user VARCHAR2(
80
);
v_module VARCHAR2(
50
);
v_action VARCHAR2(
50
);
v_pid VARCHAR2(
10
);
v_sid NUMBER;
v_program VARCHAR2(
48
);
BEGIN
IF(ora_is_servererror(
1017
)) THEN
-- get ip FOR remote connections :
IF upper(sys_context(
'userenv'
,
'network_protocol'
)) =
'TCP'
THEN
ip := sys_context(
'userenv'
,
'ip_address'
);
END IF;
SELECT sid INTO v_sid FROM sys.v_$mystat WHERE rownum <
2
;
SELECT p.spid, v.program
INTO v_pid, v_program
FROM v$process p, v$session v
WHERE p.addr = v.paddr
AND v.sid = v_sid;
v_os_user := sys_context(
'userenv'
,
'os_user'
);
dbms_application_info.read_module(v_module, v_action);
message := to_char(SYSDATE,
'YYYYMMDD HH24MISS'
) ||
' logon denied from '
|| nvl(ip,
'localhost'
) ||
' '
||
v_pid ||
' '
|| v_os_user ||
'with '
|| v_program ||
' – '
||
v_module ||
' '
|| v_action;
sys.dbms_system.ksdwrt(
2
, message);
ENDIF;
END;
/
|
执行报错:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Compilation errors
for
TRIGGERPOWERDESK.LOGON_DENIED_TO_ALERT
Error: PLS-
00201
: identifier
'SYS.DBMS_SYSTEM'
must be declared
Line:
35
Text: sys.dbms_system.ksdwrt(
2
, message);
Error: PL/SQL: Statement ignored
Line:
35
Text: sys.dbms_system.ksdwrt(
2
, message);
|
需要赋予权限
grant execute on sys.dbms_system topowerdesk;
之后执行成功了。
4,登录失败查看alert信息
Pslql登录,如下图所示:
再去后台查看alert日志,就会看到失败信息记录:
Fri May 15 19:11:09 2015
20150515 191109 logon denied from192.168.120.169 20934 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191109 logon denied from192.168.120.169 20934 Administrator with plsqldev.exe ? plsqldev.exe
Fri May 15 19:11:18 2015
20150515 191118 logon denied from192.168.120.169 20958 Administrator with plsqldev.exe ? plsqldev.exe
20150515 191118 logon denied from 192.168.120.16920958 Administrator with plsqldev.exe ? plsqldev.exe