Re: failed connection attempts in listner.log file

From: Neil Chandler <neil_chandler_at_hotmail.com>
Date: Thu, 27 Jan 2022 20:35:12 +0000
Message-ID: <AM8P194MB16284CFD9FD643AB75F752DC85219_at_AM8P194MB1628.EURP194.PROD.OUTLOOK.COM>

I know you have a resolution but... if your database was created at 12+ (i.e. not upgraded from a lower release), then there are 2 Unified Audit policies enabled by default, one of which audits unsuccessful logon attempts.

Check with: select * from audit_unified_enabled_policies order by policy_name; You can access that data in the view UNIFIED_AUDIT_TRAIL: select * from unified_audit_trail order by event_timestamp;

Others suggested using traditional audit methods, which is fine but I would advocate everyone to migrate to Unified Auditing if they are on 12.2+ for security, performance and manageability reasons. It's just better. [aside: if you are on 12.1 with unified audit policies enabled, you need to look at https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=391811005170797&id=2063340.1&_adf.ctrl-state=u78nmxlxc_52 to apply the patch as it has serious performance issues]

regards

Neil.

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> on behalf of ahmed.fikri_at_t-online.de <ahmed.fikri_at_t-online.de> Sent: 27 January 2022 16:39
To: list, oracle <oracle-l_at_freelists.org> Subject: AW: failed connection attempts in listner.log file

Thanks you all,

I managed to get the content of the dba_audit_trail table (UAT environment). Only successfully login are logged, but after checking the logs in the past I found entries for a job that connects to the db each 5 minutes. The db user get locked after (about) 50 minutes (default profile with 10 times attempts limit). And it was the culprit job, (someone has changed the pw). Nevertheless I was just curios and wanted to see if it was possible to solve the problem without the enabling audit trail. And thank you al: Nenad, Andy and Sayan l for having refreshing my knowledge about listener.

However, I think there is no need to enable any extra auditing for no successful connections, one had only to compare the listener.log file with the the successful connections

Best regards

Ahmed

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Jan 27 2022 - 21:35:12 CET

This message: [ Message body ]
Next message: ahmed.fikri_at_t-online.de: "AW: failed connection attempts in listner.log file"
Previous message: ahmed.fikri_at_t-online.de: "AW: failed connection attempts in listner.log file"
Maybe in reply to: ahmed.fikri_at_t-online.de: "failed connection attempts in listner.log file"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message