Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Unwarp Kerberos encrypted request problem (Invalid padding on Wrap Token)

843810Dec 4 2007 — edited Mar 28 2008
Hi averybody.
I am trying to "unwarp" Kerberos encrypted packet from Windows Vista but always have exception:
-----
GSSException: Defective token detected (Mechanism level: Invalid padding on Wrap Token)
at sun.security.jgss.krb5.CipherHelper.arcFourDecrypt(CipherHelper.java:1226)
at sun.security.jgss.krb5.CipherHelper.decryptData(CipherHelper.java:532)
at sun.security.jgss.krb5.WrapToken.getDataFromBuffer(WrapToken.java:230)
at sun.security.jgss.krb5.WrapToken.getData(WrapToken.java:195)
at sun.security.jgss.krb5.WrapToken.getData(WrapToken.java:168)
at sun.security.jgss.krb5.Krb5Context.unwrap(Krb5Context.java:941)
at sun.security.jgss.GSSContextImpl.unwrap(GSSContextImpl.java:384)
at com.myproject.ws_management.WSServer$MyHandler.handle(WSServer.java:361)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:552)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:524)
at sun.net.httpserver.ServerImpl$DefaultExecutor.execute(ServerImpl.java:119)
at sun.net.httpserver.ServerImpl$Dispatcher.handle(ServerImpl.java:349)
at sun.net.httpserver.ServerImpl$Dispatcher.run(ServerImpl.java:321)
at java.lang.Thread.run(Thread.java:619)
-----

I correctly created GSS context (using acceptSecContext)
Debug from "acceptSecContext" caller:
-----
Remaining lifetime in seconds = 2147483647
Context mechanism = 1.2.840.113554.1.2.2
Initiator = UVISTA$@SYMCBQ.LOCAL
Acceptor = HOST/JUGGERNAUT@SYMCBQ.LOCAL
Confidentiality (i.e., privacy) is available
Integrity is available
-----

Before "unwarp(content)" method throws exception
I created GSSHeader gssHeader = new GSSHeader(new ByteArrayInputStream(content)); for debugging and debug information which was extracted from gssHeader variable is:
-----
Incoming warped content length: 1671
Incoming GSS header OID: 1.2.840.113554.1.2.2
Incoming GSS header length: 15
Incoming GSS header MechTokenLength: 1656
-----

Does anybody have ideas why it is happens ?

Thanks,
Andrey

Comments

Robeen

last time users queried, I got the following query:

select username,machine,terminal,logon_time from v$session;

1 person found this helpful
Mustafa KALAYCI

you can use audit if you have, query dba_audit_Trail to see logon and off times.

1 person found this helpful
PKR

Hi

See MOS DOC

How to Audit User Connection, Disconnection Date and Time (Doc ID 99786.1)

Rgrds

PKR

PKR

Hi

DB version 12c only

select USERNAME,LAST_LOGIN from dba_users

Rgrds

PKR

1 person found this helpful
PKR

Hi,

https://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1830073957439

also MOS DOC

How to Audit Logon/Logoff Events with Triggers (Doc ID 70679.1)

Rgrds,

PKR

EdStevens 
Robeen wrote:
last time users queried, I got the following query:
select username,machine,terminal,logon_time from v$session;

v$session shows only current sessions.  If I logged of 1 ms before you query v$session, you wont see the 'last time I queried".

Unless you are on 12c ( See PKR, msg #4) you will really have to role your own, by keeping a 'last logon' table, and populate it with a trigger.  Auditing is useful but not really a complete solution.  First, it can be turned off and back on, but more importantly, it will only give you the last logon of a user if that last logon was within the retention period of your audit trail.

I took the approach of a custom 'last_logon' table and a  trigger.  My table looks like this:

CREATE TABLE "LOCALDBA"."LAST_USER_LOGON"

  (    "USERNAME" VARCHAR2(30 BYTE),

       "OS_USERNAME" VARCHAR2(30 BYTE),

       "LAST_LOGON_DATE" DATE,

       "SOURCE_IND" CHAR(1 BYTE),

    CONSTRAINT "LAST_LOGON_PK" PRIMARY KEY ("USERNAME")

the logon trigger updates the row for the user that is logging on.  For an initial load of the table, I joined dba_users with dba_audit_trail, using the date of the most recent audited logon (if available) to populate LAST_LOGON_DATE.  If no audit record existed for a given user, I populated LAST_LOGON_DATE with sysdate.  SOURCE_IND is an 'A' (Audit) if the last logon was from the audit trail on the initial load, a 'D' (Default) if from sysdate on the initial load, and when updated by the trigger, SOURCE_IND is set to 'T' (Trigger).

1 person found this helpful
DeepC

Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP

unknown-3431574

"Login time populated only when you connect using SQL*PLUS"

So this is a half-hearted, poorly conceived 'enhancement' to the data dictionary information?

1 person found this helpful
EdStevens 
Deep Chakraborty wrote:
Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP

Huh?

What is that from, and what is it referencing?

1 person found this helpful
AndrewSayer 
EdStevens wrote:
Deep Chakraborty wrote:
Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP 
Huh?
What is that from, and what is it referencing?

To confirm:

If it means that you can disable LAST_LOGIN from being populated when you use the -nologintime switch, it's wrong. It still gets recorded.

If it means that when you login with something like sql developer: it won't get populated, it's wrong. It still gets recorded.

Can't confirm the SYS___ roles.

1 person found this helpful
PKR 
Deep Chakraborty wrote:
Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP

How ???? please more clarifications

OP mentioned here oracle Database version 11.2.04... is it avil SYSDG and SYSBACKUP 

EdStevens 
Andrew Sayer wrote:
EdStevens wrote:
Deep Chakraborty wrote:
Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP 
Huh?
What is that from, and what is it referencing?
To confirm:
If it means that you can disable LAST_LOGIN from being populated when you use the -nologintime switch, it's wrong. It still gets recorded.
If it means that when you login with something like sql developer: it won't get populated, it's wrong. It still gets recorded.
Can't confirm the SYS___ roles.

Where is this documented?  What is this "-nologintime switch"?

Not that I'm doubting or questioning the statements, but I'm curious as to what bit of documentation this is coming out of.  I didn't see anything about this in the 12c  Reference, in the section on DBA_USERS (where the new column is located).

unknown-3431574

Cheers, I was wondering why anyone would introduce such a pointless feature, but then they did introduce v$session_connect_info which was supposed to track which version of the oracle client was used for a connection.  Not sure if it works yet, I gave up checking at 11.2.0.4.

Seems the -nologintime simply switches off the 'Last login' message you get when logging in to sqlplus.

AndrewSayer 
EdStevens wrote:
Andrew Sayer wrote:
EdStevens wrote:
Deep Chakraborty wrote:
Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP 
Huh?
What is that from, and what is it referencing?
To confirm:
If it means that you can disable LAST_LOGIN from being populated when you use the -nologintime switch, it's wrong. It still gets recorded.
If it means that when you login with something like sql developer: it won't get populated, it's wrong. It still gets recorded.
Can't confirm the SYS___ roles.
Where is this documented? What is this "-nologintime switch"?
Not that I'm doubting or questioning the statements, but I'm curious as to what bit of documentation this is coming out of. I didn't see anything about this in the 12c Reference, in the section on DBA_USERS (where the new column is located).

https://docs.oracle.com/database/121/SQPUG/ch_three.htm#CHDGIHIH

-nologintime

The last login time for non-SYS users is displayed when you log on. This feature is on by default. The last login time is displayed in local time format. You can use the -nologintime option to disable this security feature. After you login, the last login information is displayed

As TRRtR says, it's just switching on and off the message, it doesn't change what gets stored.

I'm not sure about SYS___ roles, but you have no choice whether last login time gets recorded under standard users.


(not sure how my messages are coming across, but I'm in agreement with you)

1 person found this helpful
EdStevens 
Andrew Sayer wrote:
https://docs.oracle.com/database/121/SQPUG/ch_three.htm#CHDGIHIH 
-nologintime
As TRRtR says, it's just switching on and off the message, it doesn't change what gets stored.

(not sure how my messages are coming across, but I'm in agreement with you)

Messages coming across just fine.  I just couldn't figure out what Deep Chakraborty was talking about.  The statement was without context, and made no reference to anything I had ever heard of.  But when you gave me the link my first thought was exactly what I see now that you followed up with - "it's just switching on and off the message (displayed by sqlplus), it doesn't change what gets stored".  And with that statement, I'd say that it has zero applicability to the OP's issue.

1 person found this helpful
ddf_dba 
Deep Chakraborty wrote:
Login time populated only when you connect using SQL*PLUS. Using -nologintime switched off login time and no login time recording for SYSDBA,SYSDG and SYSBACKUP

Incorrect, it's populated for any connection to the database for monitored users (it seems the only user that isn't monitored is SYS):

USERNAME                            LAST_LOGIN

----------------------------------- ---------------------------------------------

GSMCATUSER

SYSBACKUP

DIP

SYSDG

BUNG                                18-JUL-17 11.20.39.000000000 AM -06:00

ORACLE_OCM

SYSKM

XS$NULL

GSMUSER

BING                                25-JUL-17 07.53.59.000000000 AM -06:00

AUDSYS

USERNAME                            LAST_LOGIN

----------------------------------- ---------------------------------------------

ANONYMOUS

DBSNMP

WMSYS

XDB

APPQOSSYS

GSMADMIN_INTERNAL

OUTLN

SYSTEM                              25-JUL-17 07.53.33.000000000 AM -06:00

SYS

20 rows selected.

Proving it's not just SQL*Plus that records this information I just connected through SQL*Developer to this same database:

BING                                25-JUL-17 07.59.04.000000000 AM -06:00

and the last_login column is populated with the current login timestamp.

Please verify your 'information' BEFORE you post.

David Fitzjarrell

1 person found this helpful
Robeen

hi,

thanks. can you please help with the script.

after creating the table, which field from dba_users and dba_audit_trail should I use to perform the join?

SQL> desc dba_users

Name                                      Null?    Type

----------------------------------------- -------- ----------------------------

USERNAME                                  NOT NULL VARCHAR2(30)

USER_ID                                   NOT NULL NUMBER

PASSWORD                                           VARCHAR2(30)

ACCOUNT_STATUS                            NOT NULL VARCHAR2(32)

LOCK_DATE                                          DATE

EXPIRY_DATE                                        DATE

DEFAULT_TABLESPACE                        NOT NULL VARCHAR2(30)

TEMPORARY_TABLESPACE                      NOT NULL VARCHAR2(30)

CREATED                                   NOT NULL DATE

PROFILE                                   NOT NULL VARCHAR2(30)

INITIAL_RSRC_CONSUMER_GROUP                        VARCHAR2(30)

EXTERNAL_NAME                                      VARCHAR2(4000)

PASSWORD_VERSIONS                                  VARCHAR2(8)

EDITIONS_ENABLED                                   VARCHAR2(1)

AUTHENTICATION_TYPE                                VARCHAR2(8)

SQL> desc dba_audit_trail

Name                                      Null?    Type

----------------------------------------- -------- ----------------------------

OS_USERNAME                                        VARCHAR2(255)

USERNAME                                           VARCHAR2(30)

USERHOST                                           VARCHAR2(128)

TERMINAL                                           VARCHAR2(255)

TIMESTAMP                                          DATE

OWNER                                              VARCHAR2(30)

OBJ_NAME                                           VARCHAR2(128)

ACTION                                    NOT NULL NUMBER

ACTION_NAME                                        VARCHAR2(28)

NEW_OWNER                                          VARCHAR2(30)

NEW_NAME                                           VARCHAR2(128)

OBJ_PRIVILEGE                                      VARCHAR2(16)

SYS_PRIVILEGE                                      VARCHAR2(40)

ADMIN_OPTION                                       VARCHAR2(1)

GRANTEE                                            VARCHAR2(30)

AUDIT_OPTION                                       VARCHAR2(40)

SES_ACTIONS                                        VARCHAR2(19)

LOGOFF_TIME                                        DATE

LOGOFF_LREAD                                       NUMBER

LOGOFF_PREAD                                       NUMBER

LOGOFF_LWRITE                                      NUMBER

LOGOFF_DLOCK                                       VARCHAR2(40)

COMMENT_TEXT                                       VARCHAR2(4000)

SESSIONID                                 NOT NULL NUMBER

ENTRYID                                   NOT NULL NUMBER

STATEMENTID                               NOT NULL NUMBER

RETURNCODE                                NOT NULL NUMBER

PRIV_USED                                          VARCHAR2(40)

CLIENT_ID                                          VARCHAR2(64)

ECONTEXT_ID                                        VARCHAR2(64)

SESSION_CPU                                        NUMBER

EXTENDED_TIMESTAMP                                 TIMESTAMP(6) WITH TIME ZONE

PROXY_SESSIONID                                    NUMBER

GLOBAL_UID                                         VARCHAR2(32)

INSTANCE_NUMBER                                    NUMBER

OS_PROCESS                                         VARCHAR2(16)

TRANSACTIONID                                      RAW(8)

SCN                                                NUMBER

SQL_BIND                                           NVARCHAR2(2000)

SQL_TEXT                                           NVARCHAR2(2000)

OBJ_EDITION_NAME                                   VARCHAR2(30)

DBID                                               NUMBER

insert into LOCALDBA.LAST_USER_LOGON (select .... from dba_users.username,dba_audit_trail.os_username..)

Pleasse advise.

Regards,

Roshan

EdStevens 
Robeen wrote:
hi,
thanks. can you please help with the script.
after creating the table, which field from dba_users and dba_audit_trail should I use to perform the join?
<snip>
Regards,
Roshan

I could provide you with the exact scripts I used, but that would deprive you of an important learning experience.  I'll give you some hints.

First, I did it in two steps.  The first simply populated the last_logon table from dba_users.

After initial population, I used a merge into last_user_logon using a select from dba_audit_trail.  Since we a populating "user" table from the audit trail, what column of dba_audit trail do you think would be appropriate to drive this?  Since we are using the audit trail to get logon information, what ACTION do you think would be appropriate to select on?

Go ahead.  Give it your best shot.  After you show your work, I'll offer some more hints.  But I am much more interested in teaching you to fish than I am simply giving you a fish dinner.

-- Edited at 10:02 US CDT, 25 July

2 people found this helpful
Robeen

CREATE TABLE "LOCALDBA"."LAST_USER_LOGON"

  (    "USERNAME" VARCHAR2(30 BYTE),

       "OS_USERNAME" VARCHAR2(30 BYTE),

       "LAST_LOGON_DATE" DATE,

       "SOURCE_IND" CHAR(1 BYTE) DEFAULT 'A',

    CONSTRAINT "LAST_LOGON_PK" PRIMARY KEY ("USERNAME")

After creating the logon table(populate username from dba_users) I use:

MERGE INTO LAST_USER_LOGON T

USING (select USERNAME,TIMESTAMP,OS_USERNAME,TIMESTAMP FROM DBA_AUDIT_TRAIL) S

ON (S.USERNAME=T.USERNAME)

WHEN MATCHED THEN UPDATE (T.USERNAME=S.USERNAME)

UPDATE (T.OS_USERNAME=S.OS_USERNAME)

UPDATE (T.LAST_LOGON_DATE=S.TIMESTAMP)

;

EdStevens 
Robeen wrote:
CREATE TABLE "LOCALDBA"."LAST_USER_LOGON"
 ( "USERNAME" VARCHAR2(30 BYTE),
 "OS_USERNAME" VARCHAR2(30 BYTE),
 "LAST_LOGON_DATE" DATE,
 "SOURCE_IND" CHAR(1 BYTE) DEFAULT 'A',
 CONSTRAINT "LAST_LOGON_PK" PRIMARY KEY ("USERNAME")
After creating the logon table(populate username from dba_users) I use:
MERGE INTO LAST_USER_LOGON T
USING (select USERNAME,TIMESTAMP,OS_USERNAME,TIMESTAMP FROM DBA_AUDIT_TRAIL) S 
ON (S.USERNAME=T.USERNAME)
WHEN MATCHED THEN UPDATE (T.USERNAME=S.USERNAME)
UPDATE (T.OS_USERNAME=S.OS_USERNAME)
UPDATE (T.LAST_LOGON_DATE=S.TIMESTAMP)
;

It would really help if you were to format your code:

MERGE INTO LAST_USER_LOGON T

USING (select USERNAME,

              TIMESTAMP,

              OS_USERNAME,

              TIMESTAMP

        FROM DBA_AUDIT_TRAIL) S

ON (S.USERNAME=T.USERNAME)

WHEN MATCHED THEN UPDATE (T.USERNAME=S.USERNAME)

UPDATE (T.OS_USERNAME=S.OS_USERNAME)

UPDATE (T.LAST_LOGON_DATE=S.TIMESTAMP);

Now, let me ask you a few questions about that merge statement, in no particular order of importance.

- Why do you select TIMESTAMP twice ?

- The SELECT has no filter -- no WHERE clause.  What do you do if the SELECT returns more than one row?

- How are you insuring that you only get audit records related to a user logon?

- Why are you updating the username column of the 'last_logon' table?

jgarry

Isn't sys connection always logged to the OS anyways?

ddf_dba

Yes, by default audit_sys_operations is set to TRUE so such information is in the audit trail.  This explains it a bit better:"

https://docs.oracle.com/database/121/REFRN/GUID-58176267-238C-40B5-B1F2-BB8BB9518950.htm#REFRN10005

David Fitzjarrell

John Stegeman

free fish dinner? Where?

Sorry, that was the part that jumped out at me when I read

Robeen

I have corrected the script

MERGE INTO LAST_USER_LOGON T

USING (select

                    USERNAME,

                    OS_USERNAME,

                    TIMESTAMP

                    FROM DBA_AUDIT_TRAIL WHERE action_name='LOGON'

) S

ON (

               T.USERNAME=S.USERNAME

     )

WHEN MATCHED THEN INSERT(OS_USERNAME,LAST_LOGON_DATE) VALUES (S.OS_USERNAME,S.TIMESTAMP)

WHEN NOT MATCHED BY TARGET THEN INSERT(OS_USERNAME,LAST_LOGON_DATE) VALUES (S.OS_USERNAME,SYSDATE)

;

EdStevens 
Robeen wrote:
I have corrected the script
MERGE INTO LAST_USER_LOGON T
USING (select
 USERNAME,
 OS_USERNAME,
 TIMESTAMP
 FROM DBA_AUDIT_TRAIL WHERE action_name='LOGON' 
) S
ON (
 T.USERNAME=S.USERNAME
 )
WHEN MATCHED THEN INSERT(OS_USERNAME,LAST_LOGON_DATE) VALUES (S.OS_USERNAME,S.TIMESTAMP)
WHEN NOT MATCHED BY TARGET THEN INSERT(OS_USERNAME,LAST_LOGON_DATE) VALUES (S.OS_USERNAME,SYSDATE)
;

Once again, PLEASE format your code.  I'll do it for you one more time, but that's it.

MERGE INTO LAST_USER_LOGON T

USING (select USERNAME,

              OS_USERNAME,

              TIMESTAMP

      FROM DBA_AUDIT_TRAIL

      WHERE action_name='LOGON'

      ) S

ON (T.USERNAME=S.USERNAME)

WHEN MATCHED

  THEN INSERT (OS_USERNAME,

                LAST_LOGON_DATE

                )

        VALUES (S.OS_USERNAME,

                S.TIMESTAMP

                )

WHEN NOT MATCHED BY TARGET

  THEN INSERT (OS_USERNAME,

                LAST_LOGON_DATE

                )

        VALUES (S.OS_USERNAME,

                SYSDATE

                )

;

-  Check the syntax of the MERGE statement. "WHEN MATCHED THEN INSERT" ??????

- How do you possibly get a NOT MATCHED condition?  If you started by creating the table as a SELECT from DBA_USERS, or doing an initial load from DBA_USERS, how is it you have an audit record for a user that doesn't exist?  If you have an audit record for a user that has since been dropped (and thus not in DBA_USERS or LAST_LOGON) why do you want to force and entry for them back into LAST_LOGON?

- Still, your SELECT against DBA_AUDIT_TRAIL is going to return multiple rows per user.  You are not finished filtering it.  Think about that.  You get multiple rows -- representing multiple logons - per user.  Which one which value of  TIMESTAMP do you want to use?  How do you get that one single value?

- Most importantly ... what happened when you tested that statement?  On your next iteration, I'm going to want to see results of an actual test, not just some untested and syntactically incorrect code.  Use the following template test script, and post the output:

-- doit.sql

set echo on feedback on verify on trimsp on

spo doit.log

< put your sql here >

spo off

Remember, we are not working on the trigger that will take care of on-going maintenance.  This is just to get the initial load before you enable the trigger.

jgarry 
John Stegeman wrote:
free fish dinner? Where?
Sorry, that was the part that jumped out at me when I read

The executives where I work periodically go on fishing trips, then give away what's still left from the previous trip.  The logistics of carrying frozen fish on the train is always a challenge for me

ddf_dba

Be thankful they don't go whaling.

David Fitzjarrell

1 person found this helpful
Robeen

I implemented the steps from (Doc ID 70679.1)

It is ok now.

EdStevens 
Robeen wrote:
I implemented the steps from (Doc ID 70679.1)
It is ok now.

Is it ok now?

What you have implemented is not a stable table showing the most recent logon, but an ever-growing audit table much like SYS.AUD$.  You will need to also implement housekeeping procedures.

Too bad you gave up and went for some pre-canned code.  You deprived yourself of a very valuable learning experience.

jgarry

Sometimes very old things are still valid, sometimes not.

"the Oracle 8i new logon trigger"
Robeen

When I query

select USERNAME,OS_USERNAME,USERHOST, MAX(TIMESTAMP) LDate from DBA_AUDIT_TRAIL where action_name='LOGON' AND upper(USERNAME) IN

(SELECT UPPER(UAF_SNAM) FROM WAM_UAF)

GROUP BY USERNAME,OS_USERNAME,USERHOST;

I am getting data for only 2 days. How can I extend it to 6 months?

John Thorton 
Robeen wrote:
When I query 
select USERNAME,OS_USERNAME,USERHOST, MAX(TIMESTAMP) LDate from DBA_AUDIT_TRAIL where action_name='LOGON' AND upper(USERNAME) IN 
(SELECT UPPER(UAF_SNAM) FROM WAM_UAF)
GROUP BY USERNAME,OS_USERNAME,USERHOST;
I am getting data for only 2 days. How can I extend it to 6 months?

query again in 6 months

EdStevens 
Robeen wrote:
When I query 
select USERNAME,OS_USERNAME,USERHOST, MAX(TIMESTAMP) LDate from DBA_AUDIT_TRAIL where action_name='LOGON' AND upper(USERNAME) IN 
(SELECT UPPER(UAF_SNAM) FROM WAM_UAF)
GROUP BY USERNAME,OS_USERNAME,USERHOST;
I am getting data for only 2 days. How can I extend it to 6 months?

STILL not formatting your code, I see.  How many times in this thread alone has this been mentioned?

Perhaps the user list returned from your IN clause only has two days of history in DBA_AUDIT_TRAIL.  Perhaps your DBA_AUDIT_TRAIL itself only has two days of history, total.  We can't say because we don't have your data.

Show us

select min(timestamp)

from dba_audit_trail

where action_name='LOGON';

What is the significance of the WAM_UAF table here?

Robeen

SQL> select min(timestamp) from dba_audit_trail where action_name='LOGON';

MIN(TIMES

---------

29-JUL-17

John Thorton 
Robeen wrote:
SQL> select min(timestamp) from dba_audit_trail where action_name='LOGON';
MIN(TIMES
---------
29-JUL-17

The oldest data in AUDIT log is only two days old.

If you want to report 6 months worth of data, you need to wait six months to have that much history in AUDIT log.

Robeen

But why data for 6 moths old was not shown

John Thorton 
Robeen wrote:
But why data for 6 moths old was not shown

you only enabled AUDIT 2 days ago.

BeefStu

Ed would it be possible to share your trigger and the code to load the initial table. We are running on several different versions 11.2.0.4 12.1 and 12.2 and need a generic solution for all environments.

Thanks in advance for any help

EdStevens 
BeefStu wrote:
Ed would it be possible to share your trigger and the code to load the initial table. We are running on several different versions 11.2.0.4 12.1 and 12.2 and need a generic solution for all environments.
Thanks in advance for any help

I really don't want to be seen as "unhelpful", but just like I told robeen, this is a valuable learning experience for anyone interested.  If you read through the exchange I had with him, you'll see PLENTY of clues.

BeefStu

Ed

Can you share your trigger and code used to

Load your table. We are running on 11.2.0.4 12.1 12.2

And need a generic solution to this issue.

Thanks in advance to all that answer

EdStevens 
BeefStu wrote:
Ed
Can you share your trigger and code used to
Load your table. We are running on 11.2.0.4 12.1 12.2
And need a generic solution to this issue.
Thanks in advance to all that answer

I really don't want to be seen as "unhelpful", but just like I told robeen, this is a valuable learning experience for anyone interested.  If you read through the exchange I had with him, you'll see PLENTY of clues.

Go ahead, give it your best shot.  People here (myself included) are not inclined to provide a free code writing service but will gladly help you troubleshoot and improve your own work.  Like I told the OP, I'll gladly help you learn to fish, but I will not provide free fish dinners.

3 people found this helpful
John Thorton 
BeefStu wrote:
Ed would it be possible to share your trigger and the code to load the initial table. We are running on several different versions 11.2.0.4 12.1 and 12.2 and need a generic solution for all environments.
Thanks in advance for any help

It would be simpler & faster to

AUDIT CREATE SESSION

BeefStu

Thanks for your reply but as info is cleaned from the audit trail this information will be lost. I like the idea of keeping one record per id.

I have the following

Create table last_login (login_id varchar2(30) last_login date)

Create or replace trigger last_login_trig

After login database

Begin

Insert into last_login values (user, sysdate);

Commit;

End last_login_trig;

What I need is code to update last_login if record not found do an insert. I looked at merge but it seems to me this deals with different tables. Any ideas would be appreciated

John Thorton 
BeefStu wrote:
Thanks for your reply but as info is cleaned from the audit trail this information will be lost. I like the idea of keeping one record per id.
I have the following 
Create table last_login (login_id varchar2(30) last_login date)
Create or replace trigger last_login_trig
After login database
Begin
Insert into last_login values (user, sysdate);
Commit;
End last_login_trig;
What I need is code to update last_login if record not found do an insert. I looked at merge but it seems to me this deals with different tables. Any ideas would be appreciated

So why do you hijack thread started by another USER?

Merge is designed to UPDATE when KEY exists or INSERT new record to same table

LMGTFY

EdStevens 
BeefStu wrote:
Thanks for your reply but as info is cleaned from the audit trail this information will be lost. I like the idea of keeping one record per id.
I have the following 
Create table last_login (login_id varchar2(30) last_login date)
Create or replace trigger last_login_trig
After login database
Begin
Insert into last_login values (user, sysdate);
Commit;
End last_login_trig;
What I need is code to update last_login if record not found do an insert. I looked at merge but it seems to me this deals with different tables. Any ideas would be appreciated

You misunderstand how merge works.  It iis exactly what I put in my trigger.  Take another look at the doc and examples you find via google.  Also, you might want your table to have a column to indicate the source of the date.  Go back and re-read this entire thread with that in mind.  Think about when you are looking at this table -- was that date associate with Fred really the last time he connected, or was it a default from when the table was initially created?

AndrewSayer

I suggest you start your own thread, that way you can reward helpful contributions and you’d probably end up with more responses.

BeefStu

Ed thanks. I see the merge can use dual. I will play with that. In the future I will start a new thread as recommended

1 - 47
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Apr 25 2008
Added on Dec 4 2007
#kerberos-java-gss-jgss
3 comments
611 views