说明:一般不建议开启登录审计,因为这会占用大量的系统资源。
以下操作都通过系统管理员职责进行操作。
1. 开启配置文件“登录:审计层”,根据需要是全局,还是用户层;
2. 启用并发管理器中“OAM Generic Collection Service:XXXX”,此服务默认不启动,直接在前台界面查询出来激活即可;
3. 通过以下命令查询,可以限制需要查询的用户的用户名等相关信息。
SELECT L.LOGIN_ID,
L.USER_ID,
L.START_TIME LOGIN_TIME,
NVL(F.START_TIME, NVL(R.START_TIME, L.START_TIME)) FORM_TIME,
USR.USER_NAME,
RSP.RESPONSIBILITY_NAME,
FRM.USER_FORM_NAME,
(SELECT IPADDRESS
FROM FND_OAM_FORMS_RTI OFRI
WHERE 1 = 1
AND (TO_CHAR(OFRI.PID) = NVL(SF.PROCESS, SR.PROCESS) OR
NVL(SF.PROCESS, SR.PROCESS) =
CONCAT(CONCAT(TO_CHAR(OFRI.PID), ':'),
TO_CHAR(OFRI.THREADID)))
AND ROWNUM <= 1) IPADDRESS,
R.RESP_APPL_ID,
R.RESPONSIBILITY_ID,
F.FORM_ID,
F.FORM_APPL_ID,
L.PID,
L.PROCESS_SPID,
DECODE(NVL(SF.SID, -999), -999, 'RESP_LEVEL', 'FORM_LEVEL') SESSION_LEVEL,
NVL(F.AUDSID, R.AUDSID) AUDSID,
NVL(SF.SID, SR.SID) SID,
NVL(SF.SERIAL#, SR.SERIAL#) SERIAL#,
NVL(SF.PROCESS, SR.PROCESS) PROCESS
FROM FND_RESPONSIBILITY_TL RSP,
FND_FORM_TL FRM,
FND_USER USR,
FND_LOGINS L,
FND_LOGIN_RESP_FORMS F,
GV$SESSION SF,
FND_LOGIN_RESPONSIBILITIES R,
GV$SESSION SR
WHERE 1 = 1
AND L.LOGIN_ID = R.LOGIN_ID(+)
AND R.LOGIN_ID = F.LOGIN_ID(+)
AND R.LOGIN_RESP_ID = F.LOGIN_RESP_ID(+)
AND L.LOGIN_TYPE = 'FORM'
AND L.USER_ID = USR.USER_ID
AND R.RESPONSIBILITY_ID = RSP.RESPONSIBILITY_ID(+)
AND R.RESP_APPL_ID = RSP.APPLICATION_ID(+)
AND RSP.LANGUAGE(+) = USERENV('LANG')
AND F.FORM_ID = FRM.FORM_ID(+)
AND F.FORM_APPL_ID = FRM.APPLICATION_ID(+)
AND FRM.LANGUAGE(+) = USERENV('LANG')
AND F.AUDSID = SF.AUDSID(+)
AND R.AUDSID = SR.AUDSID(+) — AND L.LOGIN_ID = :P_LOGIN_ID
4. 根据得出的"PROCESS",通过应用用户去操作系统相应目录查询相关IP信息,如下命令:
cd $FORMS_TRACE_DIR
可以看到系统生成了相应PROCESS名字的rti文件,如下图所示(可通过log文件进去查相应PROCESS对应的IP):
同时可以找到em_86653.rti文件,然后cat该文件的内容,如下图所示:
至此可以查询出登录用户登录form的相应IP信息。
参考:https://www.cnblogs.com/quanweiru/p/8570732.html
https://blog.csdn.net/mchdba/article/details/45749131
https://www.cnblogs.com/hopedba/p/5895106.html
https://bbs.csdn.net/topics/10450699
https://blog.csdn.net/mchdba/article/details/68625963