Modify listener port

Task: to identify from where all the connections are coming or better to say, who is coming from where?

Reason: Planning to change the database listening port, earlier it was 1521, the default, but making it 1540

Please advise/share what are our best options, thinking of looking into listener.log and extracting all the HOST=<ip address>.

Please do update/reply, if any guru has any better solution to find all the hosts from where connections are coming.

Thanks in advnace.
Mushfique KhanDirector OperationsAsked:
Who is Participating?
 
sdstuberConnect With a Mentor Commented:
turn on auditing for your connections  and look at the userhost column of dba_audit_trail
audit create session;

Open in new window



an advantage of going to the listener log though is that your can also find attempted but failed connections.  The database audit trail will only capture activity that actually made it to the db.
0
 
Mushfique KhanDirector OperationsAuthor Commented:
thanks sdstuber, but can you please share how to accomplish it, how to enable this auditing or either can direct me to any link/doc, from where I can get something step by step.

thanks again for your quick response :)
0
 
sdstuberCommented:
the code block in the original post  shows how to do it.

audit create session;  --  just those 3 words

it's very possible your dba had auditing already turned on, in which case you can simply query the view without doing anything.

then any time someone logs on a record will be created in dba_audit_trail.

then you simply query that view.

select * from dba_audit_trail.


make sure your init parameter audit_trail is set to write to the DB

select value from v$parameter where name = 'audit_trail';

you want either DB or DB, EXTENDED
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Mushfique KhanDirector OperationsAuthor Commented:
it's OS ... :( now what to do?
0
 
sdstuberCommented:
OS means the audit records are written to files outside of the database.  So you can't simply use sql to read the data.

you can still read the files, and try to parse out the userhost values from the file,  it'll be a similar effort to what you're doing with listener logs

use this query to find where the audit files are written

select value from v$parameter where name = 'audit_file_dest';
0
 
Mushfique KhanDirector OperationsAuthor Commented:
yes sdstuber already got the location, but now the same task, how to extract the host info from those log files ... will you be able to assist here?
0
 
sdstuberCommented:
try something like this

 awk '{for (i=1;i<=NF;i++) {if ($i == "USERHOST:") {print $(i+1)}}}'  your_audit_file_here.aud


it is important to note that Oracle doesn't document the file format of the OS audit files and has changed the format between versions, so what works now may not work in the future and may not work on older versions.  

If you want more consistent content then you might need to switch to XML format, or not use external files, but instead use DB and then you can use the dba_audit_trail as shown above
0
 
Mushfique KhanDirector OperationsAuthor Commented:
this didn't work, I've submitted another question over here, how to find, trying that ...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.