Basic user-logon auditing
Oracle 8i introduced logon-triggers which could be used for auditing.
To start, create a table which will store your audit-logs (I usually do this as SYSTEM):
1 2 3 4 5 6 7 8 9 10 | CREATE TABLE audit$user_logs ( user_id varchar2(30), session_id number(8), host varchar2(30), logon_day date, logon_time varchar2(10) ); TABLE created. |
Next, create the trigger to capture the data:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | CREATE OR REPLACE TRIGGER logon_audit_trigger AFTER LOGON ON DATABASE BEGIN INSERT INTO audit$user_logs VALUES( user, sys_context('USERENV','SESSIONID'), sys_context('USERENV','HOST'), sysdate, to_char(sysdate, 'hh24:mi:ss') ); END; / TRIGGER created. |
To list the audit-data:
1 2 3 4 5 6 7 | SQL> SELECT * FROM audit$user_logs; USER_ID SESSION_ID HOST LOGON_DAY LOGON_TIME --------------- ---------- ------------------ --------- ---------- DBSNMP 123716 HOST 01-OCT-08 10:21:32 SYSTEM 123717 DOMAIN\PCNUMBER 01-OCT-08 10:21:53 SYSMAN 0 HOST 01-OCT-08 10:21:58 |
To disable and enable the auditing:
1 2 3 4 | ALTER TRIGGER SYSTEM.LOGON_AUDIT_TRIGGER DISABLE / ALTER TRIGGER SYSTEM.LOGON_AUDIT_TRIGGER ENABLE / |
To purge audit-data:
1 | TRUNCATE TABLE audit$user_logs |
