环境:Oracle 11.2.0.3
1. 客户端使用错误的用户密码登陆数据库
PS C:UsersAdministrator> sqlplus jingyu/ludan@jingyu
SQL*Plus: Release 11.2.0.1.0 Production on 星期一 9月 7 11:28:08 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
2. 查询最近1天由于密码错误登陆失败的信息
select sessionid, userid, userhost, comment$text, spare1, ntimestamp#
from aud$
where returncode = 1017
and ntimestamp# > sysdate - 1;
查询结果如下:
22479 JINGYU WORKGROUPWIN-3KBILBGK27B
Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.99.12)(PORT=49843))
Administrator 07-SEP-15 03.28.05.293986 AM
可以根据查询结果定位到是哪台机器使用错误的用户密码尝试登陆数据库。
3. 查询当前审计中有哪些returncode值
SQL> select distinct returncode from aud$;
RETURNCODE
----------
2002
1017
1920
1005
0
28009
28000
7 rows selected
查询这些值对应的相关错误信息:
[oracle@JY-DB01 u01]$ oerr ora 28009
28009, 00000, "connection as SYS should be as SYSDBA or SYSOPER"
// *Cause: connect SYS/<password> is no longer a valid syntax
// *Action: Try connect SYS/<password> as SYSDBA or
// connect SYS/<password> as SYSOPER
//
[oracle@JY-DB01 u01]$ oerr ora 28000
28000, 00000, "the account is locked"
// *Cause: The user has entered wrong password consequently for maximum
// number of times specified by the user's profile parameter
// FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account
// *Action: Wait for PASSWORD_LOCK_TIME or contact DBA
[oracle@JY-DB01 u01]$ oerr ora 1017
01017, 00000, "invalid username/password; logon denied"
// *Cause:
// *Action:
[oracle@JY-DB01 u01]$ oerr ora 1920
01920, 00000, "user name '%s' conflicts with another user or role name"
// *Cause: There is already a user or role with that name.
// *Action: Specify a different user name.
[oracle@JY-DB01 u01]$ oerr ora 1005
01005, 00000, "null password given; logon denied"
// *Cause:
// *Action:
[oracle@JY-DB01 u01]$ oerr ora 2002
02002, 00000, "error while writing to audit trail"
// *Cause:
// *Action: