Re: failed connection attempts in listner.log file

Hi Ahmed,

It may be useful for you: Finding the source of failed login attempts. (Doc ID 352389.1)
<https://support.oracle.com/epmos/faces/DocContentDisplay?id=352389.1>

On Thu, Jan 27, 2022 at 7:18 PM Andy Sayer <andysayer_at_gmail.com> wrote:

> 0 means the listener successfully passed the request to a service (it did).
>
> I would recommend using a server error trigger to log ora-1017 somewhere.
> Something like
> https://www.alak.cc/2020/12/oracle-trigger-to-log-logon-denied-ora.html?m=1
> I would personally log it to a table rather than the alert log.
>
> Thanks,
> Andy
>
> On Thu, 27 Jan 2022 at 16:15, ahmed.fikri_at_t-online.de <
> ahmed.fikri_at_t-online.de> wrote:
>
>> Thanks Nenad.
>>
>>
>>
>> So one had to enable this explicitly. I was just wondering what the 0 at
>> the end of the line in the listener.log file would mean.
>>
>>
>>
>> Best regards
>>
>> Ahmed
>>
>>
>>
>>
>>
>>
>>
>> -----Original-Nachricht-----
>>
>> Betreff: RE: failed connection attempts in listner.log file
>>
>> Datum: 2022-01-27T16:59:41+0100
>>
>> Von: "Noveljic Nenad" <nenad.noveljic_at_vontobel.com>
>>
>> An: "ahmed.fikri_at_t-online.de" <ahmed.fikri_at_t-online.de>, "list, oracle" <
>> oracle-l_at_freelists.org>
>>
>>
>>
>>
>>
>>
>>
>> Hi Ahmed
>>
>>
>>
>> Listener log contains entries for TCP connections to the listener
>> process.
>>
>>
>>
>> Listener doesn’t know about logon status, because it just forks a
>> dedicated server process that handles authentication in the database.
>>
>>
>>
>> You’d need to configure audit session for tracking failed logons.
>>
>>
>>
>> Best regards,
>>
>>
>>
>> Nenad
>>
>>
>>
>> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On
>> Behalf Of *ahmed.fikri_at_t-online.de
>> *Sent:* Donnerstag, 27. Januar 2022 16:54
>> *To:* list, oracle <oracle-l_at_freelists.org>
>> *Subject:* failed connection attempts in listner.log file
>>
>>
>>
>> **** E-Mail from outside Vontobel:* Do not click on links or open
>> attachments unless you know the content is safe. ***
>>
>> Hi all,
>>
>>
>>
>> I'm trying to find out non-successful connection attempts
>>
>> In the listener.log file I see entries like this:
>>
>>
>>
>> 27-JAN-2022 15:18:38 *
>> (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=O12CPDB)(CID=(PROGRAM=C:\Program?Files\PLSQL?Developer?12\plsqldev.exe)(HOST=LAPTOP-2LQOLENG)(USER=kirux)))
>> * (ADDRESS=(PROTOCOL=tcp)(HOST=172.17.0.1)(PORT=60836)) * establish *
>> O12CPDB * 0
>>
>>
>>
>> 27-JAN-2022 15:30:24 *
>> (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=O12CPDB)(CID=(PROGRAM=C:\Program?Files\PLSQL?Developer?12\plsqldev.exe)(HOST=LAPTOP-2LQOLENG)(USER=kirux)))
>> * (ADDRESS=(PROTOCOL=tcp)(HOST=172.17.0.1)(PORT=60922)) * establish *
>> O12CPDB * 0
>>
>>
>>
>> First entry when trying to log in with a wrong PW and the second one with
>> the right one. Both looks similar.
>>
>>
>>
>> Is this normal and is there any way find out non-successful connection
>> attempts? The example was done using a 12.2.0.1 installed in a docker and
>> the host is a windows machine.
>>
>>
>>
>> Best regards
>>
>> Ahmed
>>
>>
>>
>> ____________________________________________________
>>
>> Please consider the environment before printing this e-mail.
>>
>> Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.
>>
>>
>> Important Notice
>>
>> This message is intended only for the individual named. It may contain
>> confidential or privileged information. If you are not the named addressee
>> you should in particular not disseminate, distribute, modify or copy this
>> e-mail. Please notify the sender immediately by e-mail, if you have
>> received this message by mistake and delete it from your system.
>> Without prejudice to any contractual agreements between you and us which
>> shall prevail in any case, we take it as your authorization to correspond
>> with you by e-mail if you send us messages by e-mail. However, we reserve
>> the right not to execute orders and instructions transmitted by e-mail at
>> any time and without further explanation.
>> E-mail transmission may not be secure or error-free as information could
>> be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
>> processing of incoming e-mails cannot be guaranteed. All liability of
>> Vontobel Holding Ltd. and any of its affiliates (hereinafter collectively
>> referred to as "Vontobel Group") for any damages resulting from e-mail use
>> is excluded. You are advised that urgent and time sensitive messages should
>> not be sent by e-mail and if verification is required please request a
>> printed version.
>> Please note that all e-mail communications to and from the Vontobel Group
>> are subject to electronic storage and review by Vontobel Group. Unless
>> stated to the contrary and without prejudice to any contractual agreements
>> between you and Vontobel Group which shall prevail in any case,
>> e-mail-communication is for informational purposes only and is not intended
>> as an offer or solicitation for the purchase or sale of any financial
>> instrument or as an official confirmation of any transaction.
>> The legal basis for the processing of your personal data is the
>> legitimate interest to develop a commercial relationship with you, as well
>> as your consent to forward you commercial communications. You can exercise,
>> at any time and under the terms established under current regulation, your
>> rights. If you prefer not to receive any further communications, please
>> contact your client relationship manager if you are a client of Vontobel
>> Group or notify the sender. Please note for an exact reference to the
>> affected group entity the corporate e-mail signature. For further
>> information about data privacy at Vontobel Group please consult
>> www.vontobel.com.
>> 
>>
>

-- 
Best regards,
Sayan Malakshinov
Oracle performance tuning engineer
Oracle ACE
http://orasql.org

--
http://www.freelists.org/webpage/oracle-l