
Can I identify the frequent login requests in Oracle auditing?

Posted on 2011-04-19
Last Modified: 2013-12-18
Hi,
I want to know which users log in to the database often: how many users there are, and also how much time they spend in the database once they log in. I want to know the time difference between login and logout. I want to know how much time each user spends in the database.

For example, when I run this SQL statement, I get results like this:

SQL> select os_username,
  2  username,
  3  decode(returncode,'0','successful','1005','Failed Null',
  4  '1017','Logon Failed',returncode) pass_fail,
  5  to_char(timestamp, 'MM/DD/YY HH24:MI:SS') timein,
  6  to_char(logoff_time,'MM/DD/YY HH24:MI:SS') timeout
  7  from dba_audit_session;

 

OS_USERNAM USERNAME    PASS_FAIL    TIMEIN            TIMEOUT
---------- ----------- ------------ ----------------- -----------------
           TEST        successful   03/08/11 10:03:56 03/08/11 10:03:56
USER1      TEST        successful   03/08/11 10:19:34
USER1      TEST        successful   03/08/11 10:19:37
           TEST        successful   03/08/11 10:19:37 03/08/11 10:19:37
           DEV         successful   03/08/11 10:47:23 03/08/11 10:47:23
USER2      DEV         successful   03/08/11 12:06:36
USER2      DEV         Logon Failed 03/07/11 17:10:27
OS_USERNAM USERNAME    PASS_FAIL    TIMEIN            TIMEOUT
---------- ----------- ------------ ----------------- -----------------
USER2      DEV         successful   03/10/11 15:56:06
USER2      DEV         successful   03/10/11 15:56:08
USER2      DEV         successful   03/10/11 15:58:26
Question by:Cha1tu
7 Comments

Expert Comment

by:mrjoltcola
ID: 35433582
Something like this, I suppose. Extend to your needs:

-- Distinct users who have logged in
select count(distinct username) from dba_audit_session

-- Total time spent by users
select username, sum(logoff_time - timestamp) from dba_audit_session group by username

Author Comment

by:Cha1tu
ID: 35435830
@mrjoltcola: Awesome. Thanks for your response.

Author Comment

by:Cha1tu
ID: 35441109
@mrjoltcola:

SQL> select username, sum(logoff_time - timestamp) from dba_audit_session group
by username
  2  ;

USERNAME   SUM(LOGOFF_TIME-TIMESTAMP)
---------- --------------------------
test                                0
dev                                 0
prod                                0
stage                               0
admin                               0

Can you see these results? I am supposed to get the sum results as digits, right? But why am I getting all '0's here?
Can you please tell me?

Expert Comment

by:mrjoltcola
ID: 35447841
Oops, sorry. I forgot how dba_audit_session table works. You have to self-join the logon record to the logoff record, I believe. Try these.

 -- Total logon time ever for each user (within audit history)
select username, trunc(sum(logoff_time - logon_time) * 24 * 60) minutes from
 (select username, timestamp logon_time, sessionid from dba_audit_session where action_name = 'LOGON') logon
 join
 (select logoff_time, sessionid from dba_audit_session where action_name = 'LOGOFF') logoff
 on logon.sessionid = logoff.sessionid
 group by username


 -- Average logon time per session
 select username, trunc(avg(logoff_time - logon_time) * 24 * 60) minutes from
 (select username, timestamp logon_time, sessionid from dba_audit_session where action_name = 'LOGON') logon
 join
 (select logoff_time, sessionid from dba_audit_session where action_name = 'LOGOFF') logoff
 on logon.sessionid = logoff.sessionid
 group by username


Author Comment

by:Cha1tu
ID: 35491999
@mrjoltcola:

Here it is giving results like:

USERNAME   MINUTES
test             9
dev              0
prod             3
stage           15
admin            0

That's fine. Can you please tell me how to find the userhost and terminal (from which server)?

Thanks

Author Comment

by:Cha1tu
ID: 35492018
I need to identify from where. Also, I may need to look at only certain accounts and possibly compare time for spikes.

Accepted Solution

by:
mrjoltcola earned 2000 total points
ID: 35492587
Since the same users could be coming from different hosts, this could change the query. So if you want to keep 1 line for each user, and just assume the host doesn't change, I'd do this:

select username, max(userhost), max(terminal), trunc(sum(logoff_time - logon_time) * 24 * 60) minutes from
 (select username, userhost, terminal, timestamp logon_time, sessionid from dba_audit_session where action_name = 'LOGON') logon
 join
 (select logoff_time, sessionid from dba_audit_session where action_name = 'LOGOFF') logoff
 on logon.sessionid = logoff.sessionid
 group by username


The above will be a better query for an environment where users don't move around. But if they do, or they share usernames, you might want the below...

select username, userhost, terminal, trunc(sum(logoff_time - logon_time) * 24 * 60) minutes from
 (select username, userhost, terminal, timestamp logon_time, sessionid from dba_audit_session where action_name = 'LOGON') logon
 join
 (select logoff_time, sessionid from dba_audit_session where action_name = 'LOGOFF') logoff
 on logon.sessionid = logoff.sessionid
 group by username, userhost, terminal


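Added example (not part of the thread or of mrjoltcola's answer), following up on the request to look at only certain accounts and compare time for spikes: daily session minutes per account and host from DBA_AUDIT_SESSION, each day compared with the average for that account and host. The account list and the 3x threshold are placeholders, and the query assumes SESSIONID identifies one session, as the join in the answer does.

```sql
-- Added example: not from the thread. Account names and the 3x threshold
-- are placeholders to adjust for your environment.
with sess as (
  -- One row per audited session: earliest TIMESTAMP is taken as the logon,
  -- latest LOGOFF_TIME as the logoff. max() skips NULL host/terminal values.
  select sessionid,
         username,
         max(userhost)    as userhost,
         max(terminal)    as terminal,
         min(timestamp)   as logon_time,
         max(logoff_time) as logoff_time
    from dba_audit_session
   where returncode = 0                    -- successful logons only
     and username in ('TEST', 'DEV')       -- accounts of interest (placeholder)
   group by sessionid, username
),
daily as (
  -- Minutes per account, host and calendar day. Sessions without a recorded
  -- logoff contribute 0 minutes and are counted separately in NO_LOGOFF.
  select username,
         userhost,
         trunc(logon_time)                                      as logon_day,
         count(*)                                               as session_count,
         sum(case when logoff_time is null then 1 else 0 end)   as no_logoff,
         round(sum(nvl(logoff_time - logon_time, 0)) * 24 * 60) as minutes
    from sess
   group by username, userhost, trunc(logon_time)
)
select username,
       userhost,
       logon_day,
       session_count,
       no_logoff,
       minutes,
       round(avg(minutes) over (partition by username, userhost)) as avg_minutes,
       -- Flag days far above this account/host's own average (arbitrary 3x cut-off).
       case when minutes > 3 * avg(minutes) over (partition by username, userhost)
            then 'SPIKE'
       end as flag
  from daily
 order by username, userhost, logon_day;
```

A high NO_LOGOFF count means the minutes for that day understate real connection time, so read the two columns together.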