ORACLE9I数据库用户DDL语句审计
本帖最后由 ioriakyo 于 2014-8-11 11:10 编辑
作者:
通过DDL触发器进行DDL语句审计
[@more@]1.创建日志表
-- Create table
create table T_ZYK_AUDIT_DDL
(
DDL_TIME DATE,
SESSION_ID NUMBER,
OS_USER VARCHAR2(200),
IP_ADDRESS VARCHAR2(200),
TERMINAL VARCHAR2(200),
HOST VARCHAR2(200),
USER_NAME VARCHAR2(30),
DDL_TYPE VARCHAR2(30),
OBJECT_TYPE VARCHAR2(18),
OWNER VARCHAR2(30),
OBJECT_NAME VARCHAR2(128),
SQL_TEXT VARCHAR2(4000)
);
-- Add comments to the columns
comment on column T_ZYK_AUDIT_DDL.DDL_TIME
is '时间';
comment on column T_ZYK_AUDIT_DDL.SESSION_ID
is '会话ID';
comment on column T_ZYK_AUDIT_DDL.OS_USER
is '终端OS用户';
comment on column T_ZYK_AUDIT_DDL.IP_ADDRESS
is '终端IP地址';
comment on column T_ZYK_AUDIT_DDL.TERMINAL
is '终端';
comment on column T_ZYK_AUDIT_DDL.HOST
is '终端主机名';
comment on column T_ZYK_AUDIT_DDL.USER_NAME
is 'ORACLE用户名';
comment on column T_ZYK_AUDIT_DDL.DDL_TYPE
is 'DDL操作的类型';
comment on column T_ZYK_AUDIT_DDL.OBJECT_TYPE
is '操作的对象类型';
comment on column T_ZYK_AUDIT_DDL.OWNER
is '对象的所有者';
comment on column T_ZYK_AUDIT_DDL.OBJECT_NAME
is '对象的名称';
comment on column T_ZYK_AUDIT_DDL.SQL_TEXT
is 'SQL语句';
2.创建审计DDL触发器
create or replace trigger tri_zyk_ddl
after ddl on wlrk.schema
/*触发器功能:对某个用户下的DDL语句进行审计,日志记录到t_zyk_audit_ddl表中,注:该例子是对wlrk用户进行审计*/
declare
sql_text ora_name_list_t;
i integer;
state_sql varchar2(4000);
begin
--获取DDL语句
for i in 1..ora_sql_txt(sql_text) loop
state_sql := state_sql||sql_text(i);
end loop;
--如果语句长度大于4000,则取前4000个字符
state_sql :=substrb(state_sql,1,4000);
--插入日志表
insert into t_zyk_audit_ddl
(ddl_time,
session_id,
os_user,
ip_address,
terminal,
host,
user_name,
ddl_type,
object_type,
owner,
object_name,
sql_text)
values
(sysdate,
sys_context('USERENV','SESSIONID'),
sys_context('USERENV','OS_USER'),
sys_context('USERENV','IP_ADDRESS'),
sys_context('USERENV','TERMINAL'),
sys_context('USERENV','HOST'),
ora_login_user,
ora_sysevent,
ora_dict_obj_type,
ora_dict_obj_owner,
ora_dict_obj_name,
state_sql
);
exception when others then
null;
end;