| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: 'Auditing' user connections
An easy way is to look at your $ORACLE_HOME/network/log/listener.log, if you're using it. The trick is if you want to do any heavy-duty analysis, you'll probably want to get that info in the DB. Because listener logging formats can vary between instances (I *think* it has to do with how it's defined on the client -- in TNSNAMES.ORA, ONAMES, or OID), you might need something icky like this for SQL*Loader:
load data
infile '/tmp/listener.log'
badfile 'listener.err'
append
into table MY_DBA.listener_log
when (43) = 'Q'
trailing nullcols
(timestamp position(1:20) date "DD-MON-YYYY HH24:MI:SS",
skip1 FILLER char terminated by '=',
sidname enclosed by "(SID=" and ")",
skip2 FILLER char terminated by "=",
program enclosed by "(PROGRAM=" and ")",
hostname enclosed by "(HOST=" and ")",
osuser enclosed by "(USER=" and ")))",
skip3 FILLER char terminated by '=',
skip4 FILLER char terminated by '=',
skip5 FILLER char terminated by ')',
ipaddr enclosed by "(HOST=" and ")"
)
(timestamp position(1:20) date "DD-MON-YYYY HH24:MI:SS",
skip1 FILLER char terminated by '=',
sidname enclosed by "(SID=" and ")",
skip2 FILLER char terminated by "=",
program enclosed by "(PROGRAM=" and ")",
hostname enclosed by "(HOST=" and ")",
osuser enclosed by "(USER=" and ")))",
skip3 FILLER char terminated by '=',
skip4 FILLER char terminated by '=',
skip5 FILLER char terminated by ')',
ipaddr enclosed by "(HOST=" and ")"
)
(timestamp position(1:20) date "DD-MON-YYYY HH24:MI:SS",
skip1 FILLER char terminated by '=',
sidname enclosed by "(SID=" and ")",
skip2 FILLER char terminated by "(CID=",
program enclosed by "(PROGRAM=" and ")",
hostname enclosed by "(HOST=" and ")",
osuser enclosed by "(USER=" and ")))",
skip3 FILLER char terminated by '=',
skip4 FILLER char terminated by '=',
skip5 FILLER char terminated by ')',
ipaddr enclosed by "(HOST=" and ")"
)
Not having used it recently, I'm not sure how this would look for an external file's definition.
Hope this drivel helps! GL!
Rich
-----Original Message-----
Sent: Monday, August 16, 2004 2:51 PM
Subject: 'Auditing' user connections
I have been asked to track user connections to a database (9.2) to see what logins are being used, where they are coming from, etc. Auditing first comes to mind, but our maintenance window for a db restart is not for a few weeks and the information is being requested ASAP. The first thing that comes to mind is a database logon trigger and a table to capture the relevant information.
Before I go down this path, I want to make certain that other, more viable, options don't really exist. All connections (except dba) are coming from external sources. I'm looking into SQL*Net settings right now, but nothing jumps out at me as a complete solution.
Any assistance, ideas, gotchas are appreciated.
Daniel Fink
-- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------Received on Mon Aug 16 2004 - 15:22:57 CDT
 |
 |