Re: IP auditing for unsuccessful connections

From: Niall Litchfield <>
Date: Thu, 28 Apr 2011 17:56:41 +0100
Message-ID: <>

I use audit session for this, does require a db restart if audit_trail parameter needs to be changed

On 28 Apr 2011 17:30, "Dianna Gibbs" <> wrote:

 We have a new application that is multi-tiered with connections coming from many different windows and websphere servers.

Weve recently completed a new upgrade/install with several changes in servers. Each environment has four databases,

so we have a total of 16 databases for this application (TST, DEV,STG,PRD).

Oracle on AIX.

Something is constantly locking an oracle user account in two different databases (one prd, one tst).

Im trying to troubleshoot which servers have the incorrect passwords. Weve looked at log files, etc. and vendor cannot determine.

Im looking at AUDIT SESSION and understand it will show both successful and unsuccessful login attempts.

I also saw the Login Trigger SYS_CONTEXT.

I was wondering if someone had used either successful to catch unsuccessful logins or had another suggestion on best way to monitor and

troubleshoot this issue? We dont need this turned on long-term, just until we can catch which server has incorrect password.

Thanks in advance for any time and suggestions.

Dianna G.

Please consider the environment before printing this e-mail

This e-mail, facsimile, or letter and any files or attachments transmitted with it contains
information that is confidential and privileged. This information is intended only for the use of the
individual(s) and entity(ies) to whom it is addressed. If you are the intended recipient, further
disclosures are prohibited without proper authorization. If you are not the intended recipient, any
disclosure, copying, printing, or use of this information is strictly prohibited and possibly a
violation of federal or state law and regulations. If you have received this information in error,
please notify Children's Medical Center Dallas immediately at 214-456-4444 or via e-mail at Children's Medical Center Dallas and its affiliates hereby claim all
applicable privileges related to this information.

Received on Thu Apr 28 2011 - 11:56:41 CDT

Original text of this message