RE: constant logging in as / as sysdba ?

• From: "Khemmanivanh, Somckit" <somckit.khemmanivanh@xxxxxxxxxxxxxxxx>
• To: "'Thomas.Mercadante@xxxxxxxxxxxxxxxxx'" <Thomas.Mercadante@xxxxxxxxxxxxxxxxx>, "oracledbaquestions@xxxxxxxxx" <oracledbaquestions@xxxxxxxxx>
• Date: Wed, 15 Apr 2009 13:28:09 -0700

We have audit_trail set to OS as well (we audit create session)...

What I did was write a custom monitoring script to capture the OS information 
of the user logging in as "/ as sysdba" (we use it for SOX compliance)

Is this the kind of info you're looking for?

Thanks,
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mercadante, Thomas F (LABOR)
Sent: Wednesday, April 15, 2009 12:33 PM
To: oracledbaquestions@xxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: RE: constant logging in as / as sysdba ?

My guess is it's either pmon or smon.  Is it happening like every few minutes?

Put a database logon trigger in place and capture the program name.

________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Dba DBA
Sent: Wednesday, April 15, 2009 2:56 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: constant logging in as / as sysdba ?

I am trying to figure out what is logging in constantly as / as sysdba. We are 
on Solaris iwth Oracle 10.1. We are using Solaris clustering(this is OS 
clustering and not RAC). However, I turned the cluster off and then turned 
Oracle on manually. The / as sysdba connection continues to happen every minute.

By default Oracle logs all / as sysdba connections. I then increased my 
auditing to try to find out what is going on.

So I did

audit all by access
and I set my audit_trail to the OS.

I am I am getting is the following:

Wed Apr 15 14:54:17 2009
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL:
STATUS: 0


The session does not appear to do anything. I would think audit all by access 
would catch this. To test it, I logged in as / as sysdba and shutdown the 
database. my actions were logged.

We do not have kron jobs running. anyone experience this before ? anything 
about solaris? could it be an oracle process logging in?

• References:
  • constant logging in as / as sysdba ?
    • From: Dba DBA
  • RE: constant logging in as / as sysdba ?
    • From: Mercadante, Thomas F (LABOR)

Other related posts:

• » constant logging in as / as sysdba ?- Dba DBA
• » RE: constant logging in as / as sysdba ?- Mercadante, Thomas F (LABOR)
• » RE: constant logging in as / as sysdba ?- Don Granaman
• » RE: constant logging in as / as sysdba ? - Khemmanivanh, Somckit
• » Re: constant logging in as / as sysdba ?- Stefan Knecht

1. Home
2. oracle-l
3. Archive
4. 04-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---