Re: How to log attempts to connect as a locked user account

From: Pete Finnigan <>
Date: Tue, 04 Aug 2009 09:06:31 +0100
Message-ID: <>

Hi Martin,

If you just want to know who is attemting to connect then simply turning on session audit is the best. Chet's idea is nice but enabling network access from within the database always worries me from a security perspective so I would always try and avoid it.

Just to add there is a session view already built into the database SYS.DBA_AUDIT_SESSION that limits AUD$ to just session audit logs.

If you want to know who is connecting irrespective of success/fail then you can also mine the listener log. Arup did a good multi-part paper on otn some time back. I dont have a link to hand but I wrote about it in my blog so you can find a link from there but beware the same caveat, i personally dont agree with exposing listener logs, alert logs, trace files etc from within the production database.




Pete Finnigan
Director Limited

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for details of our courses and consulting services

Phone: +44 (0)1904 791188
Fax  : +44 (0)1904 791188
Mob  : +44 (0)7742 114223
site :

Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
Company No       : 4664901
VAT No.          : 940 6681 14

Please note that this email communication is intended only for the addressee and may contain confidential or privileged information. The contents of this email may be circulated internally within your organisation only and may not be communicated to third parties without the prior written permission of Limited. This email is not intended nor should it be taken to create any legal relations, contractual or otherwise.

-- Received on Tue Aug 04 2009 - 03:06:31 CDT

Original text of this message