Re: How to log attempts to connect as a locked user account

From: Bradd Piontek <piontekdd_at_gmail.com>
Date: Fri, 31 Jul 2009 09:49:09 -0500
Message-ID: <e9569ef30907310749x54d2a863g6cdded8280fb113d_at_mail.gmail.com>

I was going to suggest the same thing. Make sure AUDIT_TRAIL is set to something other than NONE (DB is good). This requires an instance restart. I'd show my 11g example with a locked account, but for some reason my buffers aren't working between my VM and host OS.\

Bradd Piontek
"Next to doing a good job yourself,

        the greatest joy is in having someone
        else do a first-class job under your
        direction."

William Feather

On Fri, Jul 31, 2009 at 9:44 AM, Timur Akhmadeev <Akhmadeev_at_netcracker.com>wrote:

> SQL> audit session whenever not successful;
>
>
>
> Audit succeeded.
>
>
>
> SQL> conn asdf/asdf
>
> ERROR:
>
> ORA-01017: invalid username/password; logon denied
>
>
>
> SQL> conn / as sysdba
>
> Connected.
>
> SQL> select * from (select username, action_name, returncode from
> dba_audit_trail
>
> 2 order by timestamp desc) where rownum <= 1;
>
>
>
> USERNAME ACTION_NAME RETURNCODE
>
> ------------------------------ ---------------------------- ----------
>
> ASDF LOGON 1017
>
>
>
> Thanks,
>
> Timur Akhmadeev
>
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
> On Behalf Of Martin Klier
> Sent: Friday, July 31, 2009 17:53
> To: 'oracle-l_at_freelists.org'
> Subject: How to log attempts to connect as a locked user account
>
>
>
> Dear list,
>
>
>
> I want to design poor man's auditing for one single case: My user
>
> accounts are locked, and I want to log the connection attempts. But
>
> since there is no BEFORE LOGON ON DATABASE trigger (for rather obvious
>
> reasons).
>
>
>
> (Background info: Decommissioning of a test database: I want to find
>
> ancient jobs or autistic developers that don't complain, before dropping
>
> the storage there.)
>
>
>
> Is there any best practice for this? I'm using 9i, 10g and 11g.
>
>
>
> Thanks for any response
>
> Martin Klier
>
> --
>
> Usn's IT Blog for Linux, Oracle, Asterisk
>
> http://www.usn-it.de
>
>
>
> --
>
> http://www.freelists.org/webpage/oracle-l
>
>
>
>
>
>
> ------------------------------
> The information transmitted herein is intended only for the person or
> entity to which it is addressed and may contain confidential, proprietary
> and/or privileged material. Any review, retransmission, dissemination or
> other use of, or taking of any action in reliance upon, this information by
> persons or entities other than the intended recipient is prohibited. If you
> received this in error, please contact the sender and delete the material
> from any computer.
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Jul 31 2009 - 09:49:09 CDT

This message: [ Message body ]
Next message: Bradd Piontek: "Re: changing init.ora and spfile"
Previous message: Rich Jesse: "Re: How to log attempts to connect as a locked user account"
In reply to: Timur Akhmadeev: "RE: How to log attempts to connect as a locked user account"
Next in thread: Rich Jesse: "Re: How to log attempts to connect as a locked user account"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message