ip address record in sybase ASE auditing database? [closed]
-
08-10-2020 - |
문제
everone.
I installed the sybsecurity database for auditing in sybase ase 15.5. The installation is OK. I configured the audit commands, for example, for auditing the sa user, and other users of the database.
I see that the column extrainfo
for the table sysaudits_01
shows additional information. I need to add the IP address of of users who perform certain commands: for example, GRANT
, INSERT
, 'UPDATE,
DELETE,
SELECT, and
CREATE`.
I see that rows in login attempts
include the IP address in the extrainfo
column.
I checked the code of the file C:\Sybase\ASE-15_0\scripts\instsecu
but I can't find how to add the IP address to extrainfo
to my table.
How can I capture the IP address for certain actions, and record it in extrainfo
?
해결책
The contents of the extrainfo
column is populated in two ways:
- automatically by the auditing system; the actual contents are pre-defined based on what exactly is being audited (eg, audited logins could include the ip address)
- when the
sp_addauditrecord
proc is called (eg, by a user-defined proc, trigger, batch process)
In order to match an ip address with the various commands you'd have to use the audited login record (that contains the ip address) to obtain the associated spid/suid
, then use these values to search follow-on auditing records with the same spid/suid
; basically a self-join of the sysaudits
table.
Keep in mind that you really don't want to be hitting the sysaudits
tables very often with this type of activity as that's not what the tables are designed for. Instead, you'd want to periodically pull the auditing data into some other database/table/repository (with appropriate indexes) where you could run your queries.