Re: Username with failed login

From: Paul Drake <bdbafh@xxxxxxxxx>
To: mschmitt@xxxxxxxxxxxx
Date: Mon, 15 Aug 2005 14:03:13 -0400

On 8/15/05, Mike Schmitt <mschmitt@xxxxxxxxxxxx> wrote:
>  
>  Hi All,
> 
>  I am trying to catch failed login attempts by using an after servererror
> database trigger.  We would like to be able to catch the username that is
> being provided with these attempts, but so far I haven't had any luck.  
> 
>  Is is possible to capture the name that was provided as part of the logon
> attempt and record that information, or do we have to use a different
> method?
> 
>  The edited trigger/proc we are using look like the following (We are using
> 9.2.0.4):
> 
>  

Mike,

Instead of coding this by hand, why not just leverage the provided
functionality?

SQL> show parameter audit_trail

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      TRUE

SQL> audit session whenever not successful;

Audit succeeded.

SQL> connect notauser/notmypass@mydb
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.

after reconnecting with a prvileged account:

  1  select username, userhost, returncode
  2   from dba_audit_session
  3  where timestamp>sysdate-1/24
  4* and username='NOTAUSER'
SQL> /

USERNAME        USERHOST                       RETURNCODE
--------------- ------------------------------ ----------
NOTAUSER        MYDOMAIN\MYDESKTOP                      1017

hth.

Pd
--
http://www.freelists.org/webpage/oracle-l

Follow-Ups:

RE: Username with failed login
From: David Wendelken

References:
- Oracle, Legato, RMAN, Solaris
  - From: Oded Maimon
- Re: Oracle, Legato, RMAN, Solaris
  - From: Fuad Arshad
- Username with failed login
  - From: Mike Schmitt

Re: Username with failed login

Other related posts: