建立trigger:
CREATE OR REPLACE TRIGGER logon_denied_write_alertlog AFTER SERVERERROR ON DATABASE
DECLARE
l_message varchar2(2000);
BEGIN
-- ORA-1017: invalid username/password; logon denied
IF (IS_SERVERERROR(1017)) THEN
select 'Failed login attempt to the "'|| sys_context('USERENV' ,'AUTHENTICATED_IDENTITY') ||'" schema'
|| ' using ' || sys_context ('USERENV', 'AUTHENTICATION_TYPE') ||' authentication'
|| ' at ' || to_char(logon_time,'dd-MON-yy hh24:mi:ss' )
|| ' from ' || osuser ||'@'||machine ||' ['||nvl(sys_context ('USERENV', 'IP_ADDRESS'),'Unknown IP')||']'
|| ' via the "' ||program||'" program.'
into l_message
from sys .v_$session
where sid = to_number(substr(dbms_session.unique_session_id,1 ,4), 'xxxx')
and serial# = to_number(substr(dbms_session.unique_session_id,5 ,4), 'xxxx');
-- write to alert log
sys.dbms_system.ksdwrt( 2,l_message );
END IF;
END;
这样,当发生错误时,会在alert日志中记录用户名,主机名,IP地址等信息
如下:
2019-05-22T10:04:34.769140+08:00
Failed login attempt to the "TESTER" schema using OS authentication at 22-5鏈?-19 10:04:33 from DESKTOP-6H12RFR\chenyj@WORKGROUP\DESKTOP-6H12RFR [127.0.0.1] via the "sqlplus.exe" program.
2019-05-22T10:06:35.735924+08:00
参考: