0 Replies Latest reply on Aug 31, 2012 7:16 PM by BSalesRashid

    Audit connect - Audit_trail=OS

      Hi guys,
      I am have some trouble with an user that is locking his own account, several times a day:
      I changed his profile to put the wrong password 10 times, up from 5, and it keeps locking.

      But here's the deal:
      This user is from an application, and the 2 developers have the access. They couldn't find the class that is failing with the password.

      I looked for something on google and then i saw that would be better to audit and check it. Well, i did. I changed the parameter audit_trail=OS, and also audit connect whenever NOT successful;

      Fine, now i made myself a test. Tried to connect with my own user, missing the password, and it gives:

      SESSIONID:[7] "3353991" ENTRYID:[1] "1" STATEMENT:[1] "1" USERID:[6] "BRUNOS" USERHOST:[29] "FASTSOLUTIONS\PRO_TEC_EST_049" TERMINAL:[15] "PRO_TEC_EST_049" ACTION:[3] "100" RETURNCODE:[4] "1017" COMMENT$TEXT:[99] "Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=XX.XX.34.199)(PORT=64229))" OS$USERID:[6] "brunos" DBID:[10] "1339862449"

      I did also: brunos@rac_cmspw1> select * from audit_actions where action=3;

      ---------- ----------------------------
      3 SELECT

      How could i have done a SELECT statement if i don't even connected at the base ?

      The reason i open this thread, is that i need some help to interpret this log.

      Any help would be apreciated.

      Thanks in advance.


      Edited by: BSalesRashid on 31/08/2012 12:16