on 07-27-2015 4:37 PM
Hi All,
We have a strange issue where one of the HANA user is getting locked. Is there way to trace as to from which IP address is it coming?
What would be our tracing options since database trace is not giving the expected results as desired.
Hello,
If you have active auditing policies in your system check if it is capturing invalid connection attempts. If so and if CONNECT statements are being audited you can check on yourauditing trail for that sort of info. If not, an option is to audit that sort of scenario.
An output of syslog with that sort of policy would look like:
[...]
Jul 27 16:25:02 <connect_to_host> HDB[31612]: 2015-07-27 16:25:02;indexserver;<hana_host>;YPE;00;30003;;10.2.125.96;<source host>;12148;64643;configuration change;INFO;CONNECT;SYSTEM;;;;;;AA_USER;UNSUCCESSFUL;;;;;;invalid username or password at ptime/query/catalog/userinfo.cc:958;;401858;<application user>;
[...]
Check the auditing documentation for more info: Activate and Configure Auditing - SAP HANA Administration Guide - SAP Library
Not sure if this is the best option though.
Any other options community?
BRs,
Lucas de Oliveira
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Lucas,
This is what was happening.
We had a user which was getting constantly locked.
We had audit enabled to go into a table.
AUDIT_LOG.
For the field USER_NAME it didnt populate with the user name which was getting locked.
So later when we did a order by desc on timestamp we had seen that cause was due to incorrect password from HANA studio, but we had ignored these entries becuase they belonged to a different user name. So audit entries are not that easy to identify as mentioned in the KBA.
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.