1、创建登录审计表,保存用户登录信息,使用DBA用户。

BYS@bys1>show user
USER is "BYS"
BYS@bys1>select * from user_role_privs;
USERNAME                       GRANTED_ROLE                   ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
BYS                            DBA                            NO  YES NO
BYS@bys1>CREATE TABLE log_audit(login_date DATE,logoff_date date,username VARCHAR2(20),user_ip varchar2(20),error_code varchar2(15));
Table created.

2、创建用户登录错误触发器--注意用户名和表名

CREATE OR REPLACE TRIGGER log_errors AFTER SERVERERROR ON DATABASE


BEGIN


IF (IS_SERVERERROR (1017)) THEN


insert into bys.log_audit (login_date,error_code) values(sysdate,'ORA-1017');


END IF;


END;


/


3、创建用户登录触发器

CREATE OR REPLACE TRIGGER logon_audit AFTER LOGON ON DATABASE


BEGIN


insert into bys.log_audit(login_date,username,user_ip) values(sysdate,user,ora_client_ip_address);


END;


/


4、创建用户退出触发器

CREATE OR REPLACE TRIGGER logoff_audit BEFORE LOGOFF ON DATABASE
BEGIN
insert into bys.log_audit (logoff_date,username,user_ip) values(sysdate,user,ora_client_ip_address);
END;
/

5、测试审计情况


使用不同的用户做一些登陆,退出;并远程登陆测试IP能否被记录,结果如下:


SQL> select * from log_audit;


LOGIN_DATE  LOGOFF_DATE USERNAME             USER_IP              ERROR_CODE


----------- ----------- -------------------- -------------------- ---------------


2013-9-6 12             SCOTT                                     


            2013-9-6 12 SCOTT                                     


2013-9-6 12                                                       ORA-1017


2013-9-6 12             SYS                                       


2013-9-6 12             BYS                  192.168.1.102        


2013-9-6 12             SYS                                       


            2013-9-6 12 SYS                                       


2013-9-6 12             BYS                  192.168.1.102