Alert Behavior - Fortinet FortiDB User Manual

Fortinet database security system user guide
Alert Behavior

FortiDB Version 3.2 Utilities User Guide
15-32000-81369-20081219
Figure callouts (Chained-Rule Alerts: UBM Session Policy and PUDR):
An alert is raised when the Source rule (the Session Policy) is violated.
A second alert is raised when the chained PUDR executes; in this example it kills
the session of BAD_GUY.
In the Alert Details dialog, the DB user name, OS user name, machine name, and
source-program name are displayed, as shown above.
Notice that the SQL*Plus session has been killed.
This topic describes alert behavior that users should be aware of.
Table Columns That Could Appear in Alerts
Be careful when specifying the SQL for your UDRs. A statement like "SELECT *
FROM <table_name>", where <table_name> has many columns, produces alerts that
are hard to read because every column is included in the alert. It is better to
name only the columns you need: "SELECT <column_name1>, ..., <column_nameN>
FROM <table_name>".
For example, in Oracle the v$session view has over 40 columns, so instead of this
statement:
SELECT * FROM v$session WHERE osuser = '$osusername'
you might want to use one that names specific columns, like:
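The following is an added example written for this page; it is not from the FortiDB guide and does not show FortiDB's own UDR syntax. It places the broad v$session query beside a narrowed version. The column names (SID, SERIAL#, USERNAME, OSUSER, MACHINE, PROGRAM, STATUS, LOGON_TIME, TYPE) are standard Oracle V$SESSION columns; '$osusername' is the parameter placeholder the guide uses for a Parameterized UDR; the TYPE = 'USER' filter is an added assumption, included to keep background sessions out of the alert.

```sql
-- Added example (not from the FortiDB guide): the same UDR condition written
-- broadly and then narrowed to the columns an analyst needs in an alert.
-- '$osusername' is the guide's Parameterized-UDR placeholder; all column names
-- are real Oracle V$SESSION columns.

-- Broad form: every V$SESSION column lands in the alert, which is hard to read
-- and changes shape whenever the view gains columns in a new Oracle release.
SELECT *
  FROM v$session
 WHERE osuser = '$osusername';

-- Narrow form: only what identifies the session. SID and SERIAL# are the pair
-- a chained rule would need if it is meant to kill the session.
SELECT sid,
       serial#,
       username,      -- database user (the "DB user name" in Alert Details)
       osuser,        -- operating-system user
       machine,       -- client host name
       program,       -- source program, e.g. sqlplus
       status,        -- ACTIVE / INACTIVE
       logon_time
  FROM v$session
 WHERE osuser = '$osusername'
   AND type = 'USER';  -- assumption: exclude Oracle background processes
```

Naming the columns also fixes the alert's layout: a reviewer sees the same eight fields in the same order every time, regardless of the Oracle version the monitored database is running.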
Figure: Chaining with Parameterized User-Defined Rules
Figure: Resulting Killed Session
