建立trigger:
CREATE OR REPLACE TRIGGER logon_denied_write_alertlog AFTER SERVERERROR ON DATABASE DECLARE l_message varchar2(2000); BEGIN -- ORA-1017: invalid username/password; logon denied IF (IS_SERVERERROR(1017)) THEN select 'Failed login attempt to the "'|| sys_context('USERENV' ,'AUTHENTICATED_IDENTITY') ||'" schema' || ' using ' || sys_context ('USERENV', 'AUTHENTICATION_TYPE') ||' authentication' || ' at ' || to_char(logon_time,'dd-MON-yy hh24:mi:ss' ) || ' from ' || osuser ||'@'||machine ||' ['||nvl(sys_context ('USERENV', 'IP_ADDRESS'),'Unknown IP')||']' || ' via the "' ||program||'" program.' into l_message from sys .v_$session where sid = to_number(substr(dbms_session.unique_session_id,1 ,4), 'xxxx') and serial# = to_number(substr(dbms_session.unique_session_id,5 ,4), 'xxxx'); -- write to alert log sys.dbms_system.ksdwrt( 2,l_message ); END IF; END;
这样,当发生错误时,会在alert日志中记录用户名,主机名,IP地址等信息
如下:
2019-05-22T10:04:34.769140+08:00
Failed login attempt to the "TESTER" schema using OS authentication at 22-5鏈?-19 10:04:33 from DESKTOP-6H12RFR\chenyj@WORKGROUP\DESKTOP-6H12RFR [127.0.0.1] via the "sqlplus.exe" program.
2019-05-22T10:06:35.735924+08:00
参考: https://www.dba-resources.com/oracle/finding-the-origin-of-failed-login-attempts/
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/8520577/viewspace-2645197/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/8520577/viewspace-2645197/