Re: Audit for program at login time

  • From: "Jared Still" <jkstill@xxxxxxxxx>
  • To: mary_mcneely@xxxxxxxxx
  • Date: Tue, 11 Mar 2008 16:14:04 -0700

This information might be good for troubleshooting, or determining how
users access the database.

Keep in mind that the value in v$session.program is easily spoofed by any
with nefarious purposes simply by renaming the executable.

eg.  C:> move toad.exe sqlplus.exe

Something that anyone with ill intent is likely to know about.

On Tue, Mar 11, 2008 at 12:41 PM, Mary Elizabeth McNeely <
mary_mcneely@xxxxxxxxx> wrote:

> Hello all,
> I am tasked with auditing who accesses the database with what program
> (equivalent of v$session.program) upon database login.  I can get everything
> I want into the audit trail by using "audit connect", except the equivalent
> of v$session.program.
> (a) Does anyone know of a supported way to push the program information
> into sys.aud$, and if not,
> (b) Does anyone know of a way to accomplish this other than a login
> trigger?  Any sample code available?
> Thanks in advance for any hints you can offer.
> Mary Elizabeth McNeely
> --

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

Other related posts: