Home » RDBMS Server » Security » To Find All The 'Failed Log Ins' Through Audit Report (Windows XP, Oracle 10g)
To Find All The 'Failed Log Ins' Through Audit Report [message #493680] Wed, 09 February 2011 06:19 Go to next message
oraQ
Messages: 57
Registered: January 2011
Member
I have to find all the 'failed log ins' through audit report. then it has to be uploaded to a table. Can anyone suggest me how to do that? The script, either in windows or unix should be reusable and can read files one by one.

Thanks in advance.
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493685 is a reply to message #493680] Wed, 09 February 2011 06:29 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
What is 'failed log ins'?

Regards
Michel
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493718 is a reply to message #493685] Wed, 09 February 2011 08:58 Go to previous messageGo to next message
oraQ
Messages: 57
Registered: January 2011
Member
I mean to say, we need quarterly report of failed login entries. And then the records have to be entered into another table for future reference.Hope, I will have some guidance in this regard.

Thanks.
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493719 is a reply to message #493718] Wed, 09 February 2011 09:00 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>It would be helpful if you followed Posting Guidelines - http://www.orafaq.com/forum/t/88153/0/

exactly which AUDIT options have been previously enabled?
what details are expected in report?

is application 3-tier or 2-tier?
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493722 is a reply to message #493718] Wed, 09 February 2011 09:06 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
AUDIT CREATE SESSION WHENEVER NOT SUCESSFUL;

and query DBA_AUDIT_SESSION.

Regards
Michel
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493790 is a reply to message #493722] Wed, 09 February 2011 22:08 Go to previous messageGo to next message
oraQ
Messages: 57
Registered: January 2011
Member
This is a 2-tier system and I need a script( may be in unix or VB or something like) that can read log files in oracle one by one and can be reusable later. I don't need a trigger to do that. This will be done as part of quarterly excercise.

Thanks for the tips.
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493792 is a reply to message #493790] Wed, 09 February 2011 23:20 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
There is NO session log UNLESS you audit.
Read about it and then come back if you have any more question.

Regards
Michel

[Updated on: Wed, 09 February 2011 23:21]

Report message to a moderator

Re: To Find All The 'Failed Log Ins' Through Audit Report [message #493793 is a reply to message #493792] Wed, 09 February 2011 23:22 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
STOP posting the same question in other forums of this site.
All of them will be deleted.
Your question is in THIS topic.

Regards
Michel

[Updated on: Wed, 09 February 2011 23:22]

Report message to a moderator

Re: To Find All The 'Failed Log Ins' Through Audit Report [message #494363 is a reply to message #493793] Sun, 13 February 2011 21:33 Go to previous messageGo to next message
oraQ
Messages: 57
Registered: January 2011
Member
Thanks to all for their valuable suggestions.
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #494647 is a reply to message #494363] Wed, 16 February 2011 05:02 Go to previous messageGo to next message
oraQ
Messages: 57
Registered: January 2011
Member
Thanks Michael for the suggestion.I am back for more inputs again. As suggested, we have to collect the audit information from the list of .aud files present in a log table. The log table has the files with information like ORACLE_HOME = path_name,System name(Linux),Node name,Release,Version,Machine,Instance name,Oracle process number,Unix process pid,SESSIONID,ENTRYID,RETURNCODE etc.We don't want a table for this, but a log table for performance issues. I Appreciate for quick help in this regard.

Thanks.
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #494648 is a reply to message #494647] Wed, 16 February 2011 05:17 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
We don't want a table for this, but a log table for performance issues

You don't want a table but a table? I have to say I don't understand what you want.

Regards
Michel
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #494670 is a reply to message #494648] Wed, 16 February 2011 08:00 Go to previous messageGo to next message
oraQ
Messages: 57
Registered: January 2011
Member
Michel, I mean to say we don't want to query a table for this, but we need to get the details from a log table. As suggested to me, We need to track the failed log in users from the log where the files are in .aud format. There are thousands of .aud files from which I need to segregate the failed ones. Hope, I have given the clear picture now.
Thanks for quick response.
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #494673 is a reply to message #493680] Wed, 16 February 2011 08:10 Go to previous messageGo to next message
knight
Messages: 111
Registered: January 2009
Senior Member
post
SQL> show parameter audit_trail
Re: To Find All The 'Failed Log Ins' Through Audit Report [message #494674 is a reply to message #494670] Wed, 16 February 2011 08:10 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
I mean to say we don't want to query a table for this, but we need to get the details from a log table

You repeat the same thing, it is not clearer. What is a log table if it is not a table? How to you get the information from a table without querying it?

Quote:
As suggested to me, We need to track the failed log in users from the log where the files are in .aud format. There are thousands of .aud files from which I need to segregate the failed ones. Hope, I have given the clear picture now.

I suggested to "query DBA_AUDIT_SESSION" not to use file system auditing mode.

Regards
Michel
Previous Topic: Oracle® Database Firewall Now Available
Next Topic: audit change password
Goto Forum:
  


Current Time: Fri Mar 29 06:50:36 CDT 2024