收到报警,检查alert文件,发现以下wainning:
Fatal NI connect error 12170.
VERSION INFORMATION:
TNS for Linux: Version 11.2.0.4.0 - Production Oracle Bequeath NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production TCP/IP NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production Time: 13-JUL-2017 13:22:00 Tracing not turned on. Tns error struct: ns main err code: 12535TNS-12535: TNS:operation timed out ns secondary err code: 12606 nt main err code: 0 nt secondary err code: 0 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.205.53.12)(PORT=23730))WARNING: inbound connection timed out (ORA-3136) 有三种因素会导致这个警告出现:1.Server gets a connection request from a malicious client which is not supposed to connect to the database , in which case the error thrown is the correct behavior. You can get the client address for which the error was thrown via sqlnet log file.2.The server receives a valid client connection request but the client takes a long time to authenticate more than the default 60 seconds.
3.The DB server is heavily loaded due to which it cannot finish the client logon within the timeout specified。
第1种可以通过sqlnet.log($ORACLE_HOME/network/log/下)文件确定,第3种可以用top -c查看DB Server的load来确定。
下面再现第2种可能:通过oracle 11gr2 client 连接db,然后故意输入错误的账号密码,等待60秒钟,检查alert日志文件就可以看到这种warning了。C:\Users\mdu>sqlplus system@chnpelt1-vipSQL*Plus: Release 11.2.0.1.0 Production on 星期六 1月 19 13:58:11 2013Copyright (c) 1982, 2010, Oracle. All rights reserved.输入口令:连接到: Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production With the Partitioning, Real Application Clusters, Automatic Storage Management, Data Mining and Real Application Testing optionsSQL> conn elitee@chnpelt1-vip ###输入错误的用户名及密码 输入口令: ERROR: ORA-01017: invalid username/password; logon denied 警告: 您不再连接到 ORACLE。 SQL> ####此session等待60秒钟不再做任何操作CHNPELT1@shaplora01$ tail -20 alert_CHNPELT1.log ***********************************************************************Fatal NI connect error 12170. VERSION INFORMATION: TNS for Linux: Version 11.2.0.2.0 - Production Oracle Bequeath NT Protocol Adapter for Linux: Version 11.2.0.2.0 - Production TCP/IP NT Protocol Adapter for Linux: Version 11.2.0.2.0 - Production Time: 19-JAN-2013 13:59:41 Tracing not turned on. Tns error struct: ns main err code: 12535 TNS-12535: TNS:operation timed out ns secondary err code: 12606 nt main err code: 0 nt secondary err code: 0 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.64.108.62)(PORT=60809)) WARNING: inbound connection timed out (ORA-3136)我们发现,已经再现成功了。为什么要等待60秒钟呢?因为在sqlnet.ora文件中有一个默认的参数SQLNET.INBOUND_CONNECT_TIMEOUT来控制这个时间,如果没有显式的指定此参数,那么默认就是60秒钟。如果不想在alert日志中收到这样的报错,可以设置SQLNET.INBOUND_CONNECT_TIMEOUT=0.下面是从网上搜索的关于SQLNET.INBOUND_CONNECT_TIMEOUT的介绍:Question: What is the "sqlnet.inbound_connect_timeout" parameter and how do I use sqlnet.inbound_connect_timeout for logging off idle sessions?Answer: The sqlnet.inbound_connect_timeout parameter is used to limit the time, set in seconds, for a client to connect with the database server and provide the required authentication information.---恢复内容结束---
收到报警,检查alert文件,发现以下wainning:
Fatal NI connect error 12170.VERSION INFORMATION:
TNS for Linux: Version 11.2.0.4.0 - Production Oracle Bequeath NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production TCP/IP NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production Time: 13-JUL-2017 13:22:00 Tracing not turned on. Tns error struct: ns main err code: 12535TNS-12535: TNS:operation timed out ns secondary err code: 12606 nt main err code: 0 nt secondary err code: 0 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.205.53.12)(PORT=23730))WARNING: inbound connection timed out (ORA-3136) 有三种因素会导致这个警告出现:1.Server gets a connection request from a malicious client which is not supposed to connect to the database , in which case the error thrown is the correct behavior. You can get the client address for which the error was thrown via sqlnet log file.2.The server receives a valid client connection request but the client takes a long time to authenticate more than the default 60 seconds.
3.The DB server is heavily loaded due to which it cannot finish the client logon within the timeout specified。
第1种可以通过sqlnet.log($ORACLE_HOME/network/log/下)文件确定,第3种可以用top -c查看DB Server的load来确定。
下面再现第2种可能:通过oracle 11gr2 client 连接db,然后故意输入错误的账号密码,等待60秒钟,检查alert日志文件就可以看到这种warning了。C:\Users\mdu>sqlplus system@chnpelt1-vipSQL*Plus: Release 11.2.0.1.0 Production on 星期六 1月 19 13:58:11 2013Copyright (c) 1982, 2010, Oracle. All rights reserved.输入口令:连接到: Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production With the Partitioning, Real Application Clusters, Automatic Storage Management, Data Mining and Real Application Testing optionsSQL> conn elitee@chnpelt1-vip ###输入错误的用户名及密码 输入口令: ERROR: ORA-01017: invalid username/password; logon denied 警告: 您不再连接到 ORACLE。 SQL> ####此session等待60秒钟不再做任何操作CHNPELT1@shaplora01$ tail -20 alert_CHNPELT1.log ***********************************************************************Fatal NI connect error 12170. VERSION INFORMATION: TNS for Linux: Version 11.2.0.2.0 - Production Oracle Bequeath NT Protocol Adapter for Linux: Version 11.2.0.2.0 - Production TCP/IP NT Protocol Adapter for Linux: Version 11.2.0.2.0 - Production Time: 19-JAN-2013 13:59:41 Tracing not turned on. Tns error struct: ns main err code: 12535 TNS-12535: TNS:operation timed out ns secondary err code: 12606 nt main err code: 0 nt secondary err code: 0 nt OS err code: 0 Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.64.108.62)(PORT=60809)) WARNING: inbound connection timed out (ORA-3136)我们发现,已经再现成功了。为什么要等待60秒钟呢?因为在sqlnet.ora文件中有一个默认的参数SQLNET.INBOUND_CONNECT_TIMEOUT来控制这个时间,如果没有显式的指定此参数,那么默认就是60秒钟。如果不想在alert日志中收到这样的报错,可以设置SQLNET.INBOUND_CONNECT_TIMEOUT=0.下面是从网上搜索的关于SQLNET.INBOUND_CONNECT_TIMEOUT的介绍:Question: What is the "sqlnet.inbound_connect_timeout" parameter and how do I use sqlnet.inbound_connect_timeout for logging off idle sessions?Answer: The sqlnet.inbound_connect_timeout parameter is used to limit the time, set in seconds, for a client to connect with the database server and provide the required authentication information.