■Keyword:
audit login logon logoff audit session
■正文:
可以使用数据库的审计功能,监视数据库用户的登录和注销信息。
具体为通过使用audit session 命令,无论连接是否成功都会被审计。
例:
SQL> audit session;
通过使用audit session whenever successful 命令,成功的连接会被审计。
例:
SQL> audit session whenever successful;
通过使用audit session whenever successful 命令,失败的连接会被审计。
例:
SQL> audit session whenever not successful;
取消审计
例:
SQL> noaudit session;
可以通过dba_priv_audit_opts视图查看设定的审计。
例:
SQL> select * from sys.dba_priv_audit_opts;
可以通过DBA_AUDIT_SESSION视图查看审计结果。
例:
SQL> select * from DBA_AUDIT_SESSION;
■执行例:
SQL> conn / as sysdba
Connected.
SQL> show parameter audit
NAME TYPE VALUE
----------------------------- ----------- ------------------------------
audit_file_dest string app/12.2.0.1/oracle/admin/orcl12201/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
unified_audit_sga_queue_size integer 1048576
SQL> select * from DBA_AUDIT_SESSION;
no rows selected
SQL> audit session;
Audit succeeded.
SQL> conn a/a;
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> select OS_USERNAME,USERNAME,TIMESTAMP,LOGOFF_TIME,RETURNCODE from DBA_AUDIT_SESSION;
OS_USERNAME USERNAME TIMESTAMP LOGOFF_TI RETURNCODE
-------------------- -------------------- --------- --------- ----------
oracle A 11-SEP-18 1017
SQL> noaudit session;
Noaudit succeeded.
SQL> select OS_USERNAME,USERNAME,TIMESTAMP,LOGOFF_TIME,RETURNCODE from DBA_AUDIT_SESSION;
OS_USERNAME USERNAME TIMESTAMP LOGOFF_TI RETURNCODE
-------------------- -------------------- --------- --------- ----------
oracle A 11-SEP-18 1017
参考:
Home/Database/Oracle/Oracle Database/Release 18
Database Reference
https://docs.oracle.com/en/database/oracle/oracle-database/18/refrn/DBA_AUDIT_SESSION.html
>4.116 DBA_AUDIT_SESSION
https://docs.oracle.com/en/database/oracle/oracle-database/18/refrn/DBA_PRIV_AUDIT_OPTS.html
>5.248 DBA_PRIV_AUDIT_OPTS
领取专属 10元无门槛券
私享最新 技术干货