Re: How to log attempts to connect as a locked user account
Date: Tue, 04 Aug 2009 09:06:31 +0100
If you just want to know who is attemting to connect then simply turning on session audit is the best. Chet's idea is nice but enabling network access from within the database always worries me from a security perspective so I would always try and avoid it.
Just to add there is a session view already built into the database SYS.DBA_AUDIT_SESSION that limits AUD$ to just session audit logs.
If you want to know who is connecting irrespective of success/fail then you can also mine the listener log. Arup did a good multi-part paper on otn some time back. I dont have a link to hand but I wrote about it in my blog so you can find a link from there but beware the same caveat, i personally dont agree with exposing listener logs, alert logs, trace files etc from within the production database.
Specialists in database security.
If you need help to audit or secure an Oracle database, please ask for details of our courses and consulting services
Phone: +44 (0)1904 791188 Fax : +44 (0)1904 791188 Mob : +44 (0)7742 114223 email: pete_at_petefinnigan.com site : http://www.petefinnigan.com Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom Company No : 4664901 VAT No. : 940 6681 14
Please note that this email communication is intended only for the addressee and may contain confidential or privileged information. The contents of this email may be circulated internally within your organisation only and may not be communicated to third parties without the prior written permission of PeteFinnigan.com Limited. This email is not intended nor should it be taken to create any legal relations, contractual or otherwise.
http://www.freelists.org/webpage/oracle-l Received on Tue Aug 04 2009 - 03:06:31 CDT