Roxanne25
asked on
Oracle Log on/Log off tracking
Hi, I found another experts exchange topic that directed me to this website: http://www.dba-oracle.com/art_builder_sec_audit.htm to create a custom user log on / log off table in the database. I thought this was really neat and wanted to use it.
I was able to get the log on trigger created and it works... however, I can't get the log off trigger to work.
Whenever I try to execute the code to save the trigger it says:
8/35 PL/SQL: ORA-00942: table or view does not exist
5/1 PL/SQL: SQL Statement ignored
And it highlights this part of the code:
BEFORE LOGOFF ON DATABASE
I am running Oracle 11g ... did they remove this key word? I have verified that my actual table names within the procedure are correct. Attached is the code I'm trying to execute.
I was able to get the log on trigger created and it works... however, I can't get the log off trigger to work.
Whenever I try to execute the code to save the trigger it says:
8/35 PL/SQL: ORA-00942: table or view does not exist
5/1 PL/SQL: SQL Statement ignored
And it highlights this part of the code:
BEFORE LOGOFF ON DATABASE
I am running Oracle 11g ... did they remove this key word? I have verified that my actual table names within the procedure are correct. Attached is the code I'm trying to execute.
create or replace trigger
logoff_audit_trigger
BEFORE LOGOFF ON DATABASE
BEGIN
-- ***************************************************
-- Update the last action accessed
-- ***************************************************
update
PAYROLL.SYSTEM_USER_LOG
set
last_action = (select action from v$session where
sys_context('USERENV','SESSIONID') = audsid)
where
sys_context('USERENV','SESSIONID') = session_id;
--***************************************************
-- Update the last program accessed
-- ***************************************************
update
payroll.system_user_log
set
last_program = (select program from v$session where
sys_context('USERENV','SESSIONID') = audsid)
where
sys_context('USERENV','SESSIONID') = session_id;
-- ***************************************************
-- Update the last module accessed
-- ***************************************************
update
payroll.system_user_log
set
last_module = (select module from v$session where
sys_context('USERENV','SESSIONID') = audsid)
where
sys_context('USERENV','SESSIONID') = session_id;
-- ***************************************************
-- Update the logoff day
-- ***************************************************
update
payroll.system_user_log
set
logoff_day = sysdate
where
sys_context('USERENV','SESSIONID') = session_id;
-- ***************************************************
-- Update the logoff time
-- ***************************************************
update
payroll.system_user_log
set
logoff_time = to_char(sysdate, 'hh24:mi:ss')
where
sys_context('USERENV','SESSIONID') = session_id;
-- ***************************************************
-- Compute the elapsed minutes
-- ***************************************************
update
payroll.system_user_log
set
elapsed_minutes =
round((logoff_day - logon_day)*1440)
where
sys_context('USERENV','SESSIONID') = session_id;
END;
mrjoltcola
You are running the create trigger script as a DBA, correct?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Beware, doing logon auditing this way is dangerous. Consider using the builtin audit features for this. If your trigger is messed up, you cannot login to Oracle.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What would be the "giving yourself an alternate way to log on" method?
ASKER
for the permission granting... I assume instead of granting select to "system" I would need to grant it to the user that I'm trying to create the trigger with. Or does the grant statement specifically need to be for "system"?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you understand the point I made about not using multiple update statements, when a single update statement can do the job (*MUCH* more efficiently) for multiple columns? That can make a huge difference in the size and efficiency of your custom programs.
ASKER
Hmm, it is logging SYS because in the logon one I'm filtering it out. I could just put an if statement on the code though right to say don't do the code if the user is SYS?
ASKER
Oh yes, I do... i will use your refined code for the update! I hadn't really thought about that since I grabbed that code off the article on the web. :)
ASKER
Ok, great thank you for everyone's help... I got it to work and I put in an IF statement to allow me to log on as SYS if something goes wrong. I don't think its capturing for the user that owns the trigger though... because I never see entries in the table for that user. So, I'm assuming I'd still be able to log on as that user as well.
The only thing I'm slightly annoyed about is it's not populating the last_action field... :(
The only thing I'm slightly annoyed about is it's not populating the last_action field... :(
Look at the "action" column in v$session for some active sessions. If your application does not populate that automatically, then your trigger will not invent a value for this column when there is nothing there.
ASKER
Well yes, I know it won't magically appear...but I was hoping it was capturing that. :)
If you control the source code of your application, you can simply add a call to: dbms_application_info.set_
to set a value in the "action" column of v$session.
to set a value in the "action" column of v$session.
ASKER
hmmmm....thank you. I might look into that. :) I'm just starting to get into Oracle again ...i've been a sql server person for many years!
In my opinion, there are a *LOT* more differences than similarities between SQL Server and Oracle! If you know SQL Server pretty well, do *NOT* assume that Oracle works the same way, because in most cases it doesn't. I'm not saying that either one is better than the other, but they are very different in their underlying approaches to many things, including especially: record locking and read consistency; how dates are handled; how null values are handled; whether temporary tables are needed or not; how disk space is managed in the database; whether stored procedures return result sets or not; whether table, column and procedure names are case-sensitive or not, etc.
ASKER
Yup Yup... I am in total agreement. :) Which is why I'm stumbling a bit trying to figure some of this stuff out. Even the differences from PL/SQL to T-SQL are quite numerous. I also seem to have way more places to look for stuff than I did in SQL. I used to do Oracle stuff like 6 years or so ago but never from a DBA standpoint... so I'm kind of getting a crash course in Oracle DBA's for dummies! :)