Finding the source of failed login attempts. (Doc ID 352389.1)

Last updated on JUNE 09, 2023

Applies to:

Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
Information in this document applies to any platform.
Oracle Server Enterprise Edition - Version: 9.0.1.4 to 11.2.0.4

Purpose

This troubleshooting guide is aimed at providing information on how to trace suspect logins that have failed with ora-1017, logon denied during database authentication. Note that a malicious origin is in most cases not the cause of an unsuccessful login. It can be simply a typo in the username or password, a cron job with an invalid password in it or even an Oracle client program that was badly configured (for example see referenced note 267401.1). Anyway these unsuccessful connect attempts can be a nuisance, especially when a password management policy is in place that has a limit on failed_login_attempts and cause the ora-28000 "the account is locked" error.

Troubleshooting Steps

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Purpose

Troubleshooting Steps

Check DBA_USERS

Audit unsuccessful logins

Set an event in the "init.ora" parameter file

Use a trigger to capture additional information

Use SQLNET Tracing to gather detailed information

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Finding the source of failed login attempts. (Doc ID 352389.1)

Applies to:

Purpose

Troubleshooting Steps

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!