我需要帮助编写触发器/审核/程序来获取会话详细信息,例如模块、DML/DDL 程序、由“SYS”或“SYSTEM”在特定模式上执行的 DCL,例如人力资源。
CASE1:这是为获取 sys 用户的所有操作而创建的审核策略。 Unified_audit_trail没有程序
create audit policy sys_connection_log
actions all
when q'~ sys_context('userenv', 'session_user') = 'SYS' AND sys_context('userenv','IP_ADDRESS') is not null ~'
evaluate per statement
only toplevel;
CASE2:这是 after ddl 触发器,用于获取当前模式中所有 DDL 执行会话详细信息。这不是捕获系统架构详细信息
CREATE OR REPLACE TRIGGER sys_connection_log
AFTER DDL ON SCHEMA
declare
os_user varchar2(128);
v_sid number;
v_sessuser varchar2(128);
v_program varchar2(128);
v_module varchar2(128);
v_client_ip varchar2(128);
PRAGMA AUTONOMOUS_TRANSACTION;
begin
execute immediate
'select distinct sid from v$mystat' into v_sid;
execute immediate
'select osuser, program,module from gv$session where sid = :b1'
into os_user, v_program,v_module using v_sid;
select sys_context('userenv','SESSION_USER') into v_sessuser from dual;
select sys_context('userenv','IP_ADDRESS') into v_client_ip from dual;
insert into sys_connection_log values
(os_user, systimestamp,v_sessuser, v_client_ip, v_program,v_module);
commit;
end;
/
CASE3:这是登录触发器,用于获取 SYS 执行的除后台进程之外的所有操作。这不会捕获模块详细信息,因为模块是在登录后设置的
create or replace trigger sys.log_sys_connections after logon on database
declare
os_user varchar2(128);
v_sid number;
v_sessuser varchar2(128);
v_program varchar2(128);
v_module varchar2(128);
v_client_ip varchar2(128);
begin
IF USER = 'SYS' AND sys_context('userenv','IP_ADDRESS') is not null
then
execute immediate
'select distinct sid from sys.v$mystat' into v_sid;
execute immediate
'select osuser, program,module from sys.gv$session where type <>''BACKGROUND'' and sid = :b1'
into os_user, v_program,v_module using v_sid;
select sys_context('userenv','SESSION_USER') into v_sessuser from dual;
select sys_context('userenv','IP_ADDRESS') into v_client_ip from dual;
insert into sys.sys_connection_log values
(os_user, systimestamp,v_sessuser, v_client_ip, v_program,v_module);
commit;
end if;
end;
/