|
|
本帖最后由 kinghow 于 2016-3-4 14:23 编辑
每天用户登录、登出次数
SELECT gp,
USERNAME,
action_name,
COUNT(*)AScnt
FROM (SELECT TRUNC(timestamp) AS gp, USERNAME,action_name
FROM dba_audit_trail
WHERE timestamp>=SYSDATE-3)
GROUP BY gp, USERNAME,action_name
ORDER BY gp DESC, USERNAME,action_name;
每10分钟用户登录登出次数
SELECT gp, action_name,COUNT(*) AS cnt
FROM(SELECT timestamp,
TRUNC(timestamp,'mi')
- MOD(TO_CHAR(timestamp,'mi'), 10)/24 / 60
AS gp,
action_name
FROM dba_audit_trail
WHERE timestamp>SYSDATE-1)
GROUP BY gp, action_name
ORDER BY gp DESC;
每天用户在线时长
select a.USERNAME,a.USERHOST,TRUNC(a.timestamp),sum((b.timestamp-a.timestamp))*24*60*60 "session_time(S)"from (select USERNAME,USERHOST,sessionid,timestamp from dba_audit_trail where entryid=1 and timestamp>SYSDATE-7) a,
(select USERNAME,USERHOST,sessionid,timestamp from dba_audit_trail where entryid=2 and timestamp>SYSDATE-7) b
where a.sessionid=b.sessionid
group by a.USERNAME,a.USERHOST,TRUNC(a.timestamp)
order by a.USERNAME,a.USERHOST,TRUNC(a.timestamp)
用户在线时长直方图分布
with v1 as(select a.sessionid,(b.timestamp-a.timestamp)*24*60*60 session_times from (select sessionid,timestamp from dba_audit_trail where entryid=1 and timestamp>SYSDATE-1) a,
(select sessionid,timestamp from dba_audit_trail where entryid=2 and timestamp>SYSDATE-1) b
where a.sessionid=b.sessionid)
SELECT session_times_histogram * 500 Spend_Bucket, COUNT(*) aa
FROM( SELECT WIDTH_BUCKET(session_times,
0,
5000,
10)
AS session_times_histogram
FROM v1)
GROUP BY session_times_histogram * 500
ORDER BY 1;
最近3天密码错误次数统计,可以看看有没有人尝试暴力破解的:
select os_username,userhost,username,count(*) from dba_audit_trail
where returncode = 1017 and timestamp>SYSDATE-3
group by os_username,userhost,username
having count(*)>10
SELECT * FROM( SELECT username,
userhost,
timestamp,
action_name
FROM dba_audit_trail
WHERE returncode = 1017 and username='XXX'
ORDER BY timestamp DESC)
WHERE ROWNUM<=100
|
|
楼主: kinghow
IP卡
狗仔卡
发表于 2016-2-16 16:14
显身卡
楼主
