Thanks you all,
I managed to get the content of the dba_audit_trail table (UAT
environment). Only successfully login are logged, but after checking the
logs in the past I found entries for a job that connects to the db each 5
minutes. The db user get locked after (about) 50 minutes (default profile
with 10 times attempts limit). And it was the culprit job, (someone has
changed the pw). Nevertheless I was just curios and wanted to see if it was
possible to solve the problem without the enabling audit trail. And thank
you al: Nenad, Andy and Sayan l for having refreshing my knowledge about
listener.
However, I think there is no need to enable any extra auditing for no
successful connections, one had only to compare the listener.log file with
the the successful connections
Best regards
Ahmed
-----Original-Nachricht-----
Betreff: RE: failed connection attempts in listner.log file
Datum: 2022-01-27T17:24:32+0100
Von: "Noveljic Nenad" <nenad.noveljic@xxxxxxxxxxxx>
An: "andysayer@xxxxxxxxx" <andysayer@xxxxxxxxx>, "ahmed.fikri@xxxxxxxxxxx"
<ahmed.fikri@xxxxxxxxxxx>, "list, oracle" <oracle-l@xxxxxxxxxxxxx>
Alternatively, you can configure auditing for failed logons:
audit session whenever not successful ;
and define audit trail in the database (if you want it in the database)
See the documentation for the spfile parameter audit_trail about the
options where to put the audit trail.
Best regards,
Nenad
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> On
Behalf Of Andy Sayer
Sent: Donnerstag, 27. Januar 2022 17:18
To: ahmed.fikri@xxxxxxxxxxx
Cc: list, oracle <oracle-l@xxxxxxxxxxxxx>
Subject: Re: failed connection attempts in listner.log file
0 means the listener successfully passed the request to a service (it did).
I would recommend using a server error trigger to log ora-1017 somewhere.
Something like
<https://www.alak.cc/2020/12/oracle-trigger-to-log-logon-denied-ora.html?m=1>
I would personally log it to a table rather than the alert log.
Thanks,
Andy
____________________________________________________
Please consider the environment before printing this e-mail.
Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.
Important Notice
This message is intended only for the individual named. It may contain
confidential or privileged information. If you are not the named addressee
you should in particular not disseminate, distribute, modify or copy this
e-mail. Please notify the sender immediately by e-mail, if you have
received this message by mistake and delete it from your system.
Without prejudice to any contractual agreements between you and us which
shall prevail in any case, we take it as your authorization to correspond
with you by e-mail if you send us messages by e-mail. However, we reserve
the right not to execute orders and instructions transmitted by e-mail at
any time and without further explanation.
E-mail transmission may not be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
processing of incoming e-mails cannot be guaranteed. All liability of
Vontobel Holding Ltd. and any of its affiliates (hereinafter collectively
referred to as "Vontobel Group") for any damages resulting from e-mail use
is excluded. You are advised that urgent and time sensitive messages should
not be sent by e-mail and if verification is required please request a
printed version.
Please note that all e-mail communications to and from the Vontobel Group
are subject to electronic storage and review by Vontobel Group. Unless
stated to the contrary and without prejudice to any contractual agreements
between you and Vontobel Group which shall prevail in any case,
e-mail-communication is for informational purposes only and is not intended
as an offer or solicitation for the purchase or sale of any financial
instrument or as an official confirmation of any transaction.
The legal basis for the processing of your personal data is the legitimate
interest to develop a commercial relationship with you, as well as your
consent to forward you commercial communications. You can exercise, at any
time and under the terms established under current regulation, your rights.
If you prefer not to receive any further communications, please contact
your client relationship manager if you are a client of Vontobel Group or
notify the sender. Please note for an exact reference to the affected group
entity the corporate e-mail signature. For further information about data
privacy at Vontobel Group please consult www.vontobel.com
<https://www.vontobel.com> .