Tuesday, 21 February 2017

Failed Logon Attempts in Oracle

Find out who are causing Account lock  by using below commands in Oracle

set lines 200
set pages 200

column USERNAME format a12
column OS_USERNAME format a12
column USERHOST format a25
column EXTENDED_TIMESTAMP format a40

SELECT USERNAME, OS_USERNAME, USERHOST, EXTENDED_TIMESTAMP
FROM SYS.DBA_AUDIT_SESSION WHERE returncode != 0 and username = '&Account_Locked'
and EXTENDED_TIMESTAMP > (systimestamp-1) order by 4 desc
/


(or) 

SELECT os_username,
  username,
  userhost,
  terminal,
  TIMESTAMP,
  action_name,
  logoff_time,
  RETURNCODE
FROM DBA_AUDIT_SESSION
WHERE RETURNCODE IN (1017,28000)
AND username      ='EWS'
ORDER BY TIMESTAMP


(or) 

SELECT
  TO_CHAR(TIMESTAMP,'MM/DD HH24:MI') TIMESTAMP,
  SUBSTR(OS_USERNAME,1,20) OS_USERNAME,
  SUBSTR(USERNAME,1,20) USERNAME,
  SUBSTR(TERMINAL,1,20) TERMINAL,
  ACTION_NAME,
  RETURNCODE
FROM
  SYS.DBA_AUDIT_SESSION
WHERE
  USERNAME LIKE 'MYUSER%'
  AND TIMESTAMP BETWEEN SYSDATE-1 AND SYSDATE
ORDER BY
  TIMESTAMP DESC;


*******************
Some useful values:-
*******************

RETURNCODE=0 indicates success
RETURNCODE=1017 indicates bad password
RETURNCODE=28000 indicates account is locked out
RETURNCODE=2004 indicates account is locked out 


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)