I have a trigger for failed login to catch who is the user trying to login, but fails so far. Here is the trigger:
CREATE OR REPLACE TRIGGER test
after servererror on database
BEGIN
If (ORA_IS_SERVERERROR(1017)) Then
insert into test_tb values (user, ora_login_user, SYS_CONTEXT ('USERENV', 'OS_USER') , '-1017', userenv('terminal'), sysdate);
End If;
End;
/
CREATE OR REPLACE TRIGGER test
after servererror on database
declare
pragma autonomous_transaction;
BEGIN
If (ORA_IS_SERVERERROR(1017)) Then
insert into test_tb values (user, ora_login_user, SYS_CONTEXT ('USERENV', 'OS_USER') , '-1017', userenv('terminal'), sysdate);
commit;
End If;
End;
/
But the user and ora_login_user fields are still not capturing anything or I miss something? Any advice?
If there is an error with the insert, then you probably won't see it.
Did you test the insert statement? You should have an exception
when others then capture the error in a log table.
Thanks gandolf989. Yes, I did have exception, but not helping. I think the problem is when there is failed login and when the trigger fires at the time of servererror, the username is not collected. I am able to get os user, sid and the rest into a log table but just not the username.
However, if I have another trigger after the log table is being upated, I was able to get the username from dba_audit_session. The user info does not seem to exist until the trigger of servererror.
I can workaround with 2 triggers, but hoping to have one trigger instead of 2. Any idea on how to get the username?
you might also look at the Oracle Audit features.
You can audit for failed connections for example.
It would probably work better than a system level trigger.
You can even keep the log in the database.
Reply With Quote
Bookmarks