HANA Audit does not log failed login attempts

0 Kudos

Hello community,

Could you please give me a quick hint on this issue?
I've created an audit policy via HANA Studio and deployed it.


The policy is enabled. I'd like to audit CONNECT, DISCONNECT SESSION, CANCEL SESSION; actions are ALL, audit level is WARNING (before that I also tried INFO), and the user is correct.

The problem is I only see successful login attempts in the syslog and no failed attempts, for example when I type in wrong passwords in HANA Studio (adding the system with another user). As soon as I enter the correct password it shows up in the logs. We need to see all failed login attempts.

The audit policy also ignores when the user gets locked, but I guess that's another story.

Accepted Solutions (1)

Former Member
0 Kudos

Hi Nicolai.

Please take a look at the SAP HANA Security Guide (page 151,...)

http://help.sap.com/hana/SAP_HANA_Security_Guide_en.pdf

If you have the CONNECT audit, when a login fails you should get this kind of log message in the syslog:

[...]

;INFO;CONNECT;SYSTEM;;;;;;USERNAME;UNSUCCESSFUL;;;;;;invalid username or password

You can also take a look at the SYS SCHEMA --> Views --> USERS

You can monitor the LAST_INVALID_CONNECT_ATTEMPT or the INVALID_CONNECT_ATTEMPTS

Regards.

Osvaldo Dias Ferreira
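A defender-side check for whether failed logons reach the syslog, built on the entry format quoted in the answer above. This is an added example, not code from the thread or from SAP; locating fields by token, the `<constructed-prefix>` placeholder, the user names ALICE and BOB, and the threshold are assumptions.

```python
from collections import Counter

LEVELS = {"INFO", "WARNING", "ALERT", "CRITICAL", "EMERGENCY"}
STATUSES = {"SUCCESSFUL", "UNSUCCESSFUL"}

def parse_audit_line(line):
    """Parse one semicolon-delimited audit entry; return None for other lines.

    Fields are located by token rather than fixed position, because the
    thread shows only the tail of an entry (its prefix is elided).
    """
    fields = line.rstrip("\n").split(";")
    lvl = next((i for i, f in enumerate(fields) if f in LEVELS), None)
    if lvl is None:
        return None
    st = next((i for i in range(lvl + 2, len(fields)) if fields[i] in STATUSES), None)
    if st is None:
        return None
    return {
        "level": fields[lvl],
        "action": fields[lvl + 1],
        "user": fields[st - 1],  # assumption: user precedes the status, as in the quoted line
        "status": fields[st],
        "reason": next((f for f in reversed(fields[st + 1:]) if f), ""),
    }

def failed_connects(lines):
    """Count UNSUCCESSFUL CONNECT entries per user."""
    counts = Counter()
    for line in lines:
        e = parse_audit_line(line)
        if e and e["action"] == "CONNECT" and e["status"] == "UNSUCCESSFUL":
            counts[e["user"]] += 1
    return counts

def over_threshold(counts, threshold=3):
    """Users whose failed logon count is at or above the threshold."""
    return {u: n for u, n in counts.items() if n >= threshold}

# Constructed sample input; the text before the first ';' is a placeholder.
TAIL = ";INFO;CONNECT;SYSTEM;;;;;;{user};{status};;;;;;{reason}"
SAMPLE = ["<constructed-prefix>" + TAIL.format(user=u, status=s, reason=r) for u, s, r in [
    ("ALICE", "UNSUCCESSFUL", "invalid username or password"),
    ("ALICE", "UNSUCCESSFUL", "invalid username or password"),
    ("BOB", "UNSUCCESSFUL", "invalid username or password"),
    ("ALICE", "UNSUCCESSFUL", "invalid username or password"),
    ("ALICE", "SUCCESSFUL", ""),
]] + ["Jan  1 00:00:00 host sshd[1]: session opened"]

if __name__ == "__main__":
    print(over_threshold(failed_connects(SAMPLE)))
```

If the counts stay empty while wrong passwords are being entered, the policy is not emitting UNSUCCESSFUL entries at all, which is the symptom described in the question.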

0 Kudos

Thank you, but I still don't get any other messages than the SUCCESSFUL messages with type INFO. I've made sure that my policy is correct...

Answers (3)

0 Kudos

It is important to specify the action status in the Audited Action status tab. The following values are available:

SUCCESSFUL

UNSUCCESSFUL

ALL

rindia
Active Contributor
0 Kudos

Hi Nicolai,

If the purpose is to see how many invalid attempts there are, then you can directly query the table USERS

SELECT * FROM USERS WHERE USER_NAME = 'give_user_name';

If you want to know the detailed information for what's wrong, then you can set the configuration parameter:

If Single Container:

indexserver.ini  => password policy => detailed_error_on_connect => true

If Multiple container:

nameserver.ini  => password policy => detailed_error_on_connect => true

If set to false, only the information "authentication failed" is returned.

If set to true, the specific reason for failed logon is returned:

  • Invalid user or password
  • User is locked
  • Connect try is outside validity period
  • User is deactivated

Details for configuration are here.


Regards

Raj Kumar Salla

0 Kudos

Thanks, but it still doesn't work.

All I see in the syslog are the SUCCESSFUL (INFO) messages, but there is no message about an unsuccessful login via HANA Studio.

Former Member
0 Kudos

Can you try the below.

Audit Action Type ALL

Create Two Audit policies at a time with Audit level Alert & Critical.

Regards,

Pavan Gunda