DDL触发器监控脚本部署步骤 以下操作请使用sys用户: --第一步:创建表(此表主要保存ddl触发器产生的信息),可以根据不同的业务,使用相关的监控用户,在此监控用户为c##upctest 从可维护性考虑,此表要长期保存ddl触发器产生的信息,建议采用范围分区. CREATE TABLE c##upctest.STATS$DDL_AUDIT ( USER_NAME VARCHAR2(30) , SID NUMBER, INST_ID NUMBER, IP_ADDRESS VARCHAR2(20), OSUSER VARCHAR2(30), MACHINE VARCHAR2(64), OBJ_OWNER VARCHAR2(30), OBJ_NAME VARCHAR2(128), OBJ_TYPE VARCHAR2(18), DDL_TIME DATE, DDL_TYPE VARCHAR2(30), DDL_SQL VARCHAR2(4000) ) PARTITION BY RANGE (DDL_TIME) (PARTITION P_R_201912 VALUES LESS THAN (TO_DATE('2019-12-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')), PARTITION P_R_202001 VALUES LESS THAN (TO_DATE('2020-01-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')), PARTITION P_R_202002 VALUES LESS THAN (TO_DATE('2020-02-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')), PARTITION P_R_202003 VALUES LESS THAN (TO_DATE('2020-03-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202004 VALUES LESS THAN (TO_DATE('2020-04-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202005 VALUES LESS THAN (TO_DATE('2020-05-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202006 VALUES LESS THAN (TO_DATE('2020-06-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202007 VALUES LESS THAN (TO_DATE('2020-07-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202008 VALUES LESS THAN (TO_DATE('2020-08-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202009 VALUES LESS THAN (TO_DATE('2020-09-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202010 VALUES LESS THAN (TO_DATE('2020-10-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202011 VALUES LESS THAN (TO_DATE('2020-11-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202012 VALUES LESS THAN (TO_DATE('2020-12-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_PMAX VALUES LESS THAN (TO_DATE('2099-01-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) ) COMMENT ON COLUMN STATS$DDL_AUDIT.USER_NAME IS '登陆用户名'; COMMENT ON COLUMN STATS$DDL_AUDIT.SID IS 'session id'; COMMENT ON COLUMN STATS$DDL_AUDIT.INST_ID IS '实例号'; COMMENT ON COLUMN STATS$DDL_AUDIT.IP_ADDRESS IS '客户端ip地址'; COMMENT ON COLUMN STATS$DDL_AUDIT.OSUSER IS '客户端操作系统用户名'; COMMENT ON COLUMN STATS$DDL_AUDIT.MACHINE IS '客户端执行的机器'; COMMENT ON COLUMN STATS$DDL_AUDIT.OBJ_OWNER IS 'DDL操作对象的所有者'; COMMENT ON COLUMN STATS$DDL_AUDIT.OBJ_NAME IS 'DDL操作所对应的数据库对象名'; COMMENT ON COLUMN STATS$DDL_AUDIT.OBJ_TYPE IS 'DDL操作所对应的数据库对象的类型'; COMMENT ON COLUMN STATS$DDL_AUDIT.DDL_TIME IS 'DDL操作时间'; COMMENT ON COLUMN STATS$DDL_AUDIT.DDL_TYPE IS '触发器的系统事件名称'; COMMENT ON COLUMN STATS$DDL_AUDIT.DDL_SQL IS 'DDL语句'; --2:创建ddl监控触发器(表STATS$DDL_AUDIT的用户是c##upctest,可根据自己的业务进行修改) CREATE OR REPLACE TRIGGER sys.TRG_DDL_AUDIT AFTER DDL ON DATABASE DECLARE v_sql_text ora_name_list_t; v_ddl_sql c##upctest.STATS$DDL_AUDIT.ddl_sql%TYPE; v_len NUMBER; v_piece_len NUMBER; v_sid NUMBER; v_machine VARCHAR2(64); v_osuser VARCHAR2(30); BEGIN -- Get DDL SQL statement v_len := 0; FOR i IN 1..ora_sql_txt(v_sql_text) LOOP v_piece_len := length(v_sql_text(i)); EXIT WHEN v_len + v_piece_len > 4000; v_ddl_sql := v_ddl_sql||v_sql_text(i); v_len := v_len + v_piece_len; END LOOP; -- get sid and machine from audsid SELECT sid,machine,osuser INTO v_sid,v_machine,v_osuser FROM v$session where sid=userenv('sid'); -- insert to audit table INSERT INTO c##upctest.STATS$DDL_AUDIT ( user_name, sid, inst_id, ip_address, osuser, machine, obj_owner, obj_name, obj_type, ddl_time, ddl_type, ddl_sql ) VALUES ( ora_login_user, v_sid, ora_instance_num, sys_context('userenv','ip_address'), -- ora_client_ip_address seems no use here? v_osuser, v_machine, ora_dict_obj_owner, ora_dict_obj_name, ora_dict_obj_type, SYSDATE, ora_sysevent, v_ddl_sql ); EXCEPTION WHEN OTHERS THEN NULL; END trg_ddl_audit; 此触发器可适用操作范围: alter ,drop create ,truncate ,analyze,comment,grant,revoke,rename,noaudit,audit,disassociate statistics,associate,statistics 以及分区表针对分区的truncate,drop ,split,add,exchange操作(因为分区表的这些操作都属于alter) 第三步:STATS$DDL_AUDIT表维护 1:首先创建好下一年的表STATS$DDL_AUDIT_2020 CREATE TABLE c##upctest.STATS$DDL_AUDIT_2020 ( USER_NAME VARCHAR2(30) , SID NUMBER, INST_ID NUMBER, IP_ADDRESS VARCHAR2(20), OSUSER VARCHAR2(30), MACHINE VARCHAR2(64), OBJ_OWNER VARCHAR2(30), OBJ_NAME VARCHAR2(128), OBJ_TYPE VARCHAR2(18), DDL_TIME DATE, DDL_TYPE VARCHAR2(30), DDL_SQL VARCHAR2(4000) ) PARTITION BY RANGE (DDL_TIME) ( PARTITION P_R_202001 VALUES LESS THAN (TO_DATE('2020-01-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')), PARTITION P_R_202002 VALUES LESS THAN (TO_DATE('2020-02-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')), PARTITION P_R_202003 VALUES LESS THAN (TO_DATE('2020-03-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202004 VALUES LESS THAN (TO_DATE('2020-04-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202005 VALUES LESS THAN (TO_DATE('2020-05-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202006 VALUES LESS THAN (TO_DATE('2020-06-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202007 VALUES LESS THAN (TO_DATE('2020-07-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202008 VALUES LESS THAN (TO_DATE('2020-08-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202009 VALUES LESS THAN (TO_DATE('2020-09-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202010 VALUES LESS THAN (TO_DATE('2020-10-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202011 VALUES LESS THAN (TO_DATE('2020-11-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_202012 VALUES LESS THAN (TO_DATE('2020-12-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) , PARTITION P_R_PMAX VALUES LESS THAN (TO_DATE('2099-01-01 00:00:00', 'YYYY-MM-DD HH24:MI:SS')) ) 2:alter TRIGGER sys.TRG_DDL_AUDIT disable; --3,4 两步在c##upctest用户下执行 3:rename STATS$DDL_AUDIT to STATS$DDL_AUDIT_2020 4:rename STATS$DDL_AUDIT_2020 to STATS$DDL_AUDIT; 5:alter trigger sys.TRG_DDL_AUDIT compile; 6:alter TRIGGER sys.TRG_DDL_AUDIT enable; 客户端ip触发器脚本监控 功能说明:记录客户端ip地址到v$session视图中的client_info 字段中 CREATE OR REPLACE TRIGGER SYS.TRG_USER_LOGON after logon on database begin dbms_application_info.set_client_info(sys_context('userenv','ip_address')); end;