Wednesday, 6 April 2016

Oracle who is locking schema / account ORA-01017

Attempting to login with wrong password may lock you after several retires depending on how dba's set you database.

Here is lightweight method( tried and tested):

-----Creating table to store access failure results and investigative details for diagnosis:

drop table sys.logon_trigger;
 CREATE TABLE sys.logon_trigger
(
USERNAME VARCHAR2(30),
USERHOST VARCHAR2(100),
USERIP VARCHAR2(100),
USEROS VARCHAR2(100),
TIMESTAMP DATE
);

-----Create trigger as SYS to capture login faulures:

CREATE OR REPLACE TRIGGER sys.logon_trigger
AFTER SERVERERROR ON DATABASE
BEGIN
  IF (IS_SERVERERROR(1017)) THEN
    INSERT INTO logon_trigger VALUES(SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY'), SYS_CONTEXT('USERENV', 'HOST'),SYS_CONTEXT('USERENV', 'IP_ADDRESS'),sys_context('USERENV', 'OS_USER'), SYSDATE);
    COMMIT;
  END IF;
END;
/

------Query to retrieve details --------
SET lines 200
col USERHOST FOR a30
SELECT * FROM sys.logon_trigger ORDER BY TIMESTAMP DESC;

Sample Result:
SET lines 200
col USERHOST FOR a30
col USERNAME for a10
col USERIP for a30
col USEROS for a30
SELECT * FROM sys.logon_trigger ORDER BY TIMESTAMP DESC;06:44:50 SQL> 06:44:50 SQL> 06:44:50 SQL> 06:44:50 SQL> 06:44:50 SQL>

USERNAME   USERHOST                       USERIP                         USEROS                         TIMESTAMP
---------- ------------------------------ ------------------------------ ------------------------------ --------------------
scott      localhost.localdomain          127.0.0.1                      oracle                         07-APR-2016 06:34:54
system     localhost.localdomain          127.0.0.1                      oracle                         07-APR-2016 06:33:20
system     localhost.localdomain          127.0.0.1                      oracle                         07-APR-2016 06:30:20
scott      localhost.localdomain                                         oracle                         07-APR-2016 06:25:59


Note: Bequeath connection IP is not captured.

Other Method could be via Auditing, also used it, will blog some time later.

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)