Home   |   Register   |   Rules   |   Calendar   |   Get Daily   |     |  
 


If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
Go Back  dBforums > Database Server Software > DB2 > Finding the failed login app

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-17-08, 09:39
PKPChuck PKPChuck is offline
Registered User
  
Join Date: Sep 2006
Location: Columbus, OH
Posts: 64
Finding the failed login app
DB2 8.2
AIX 5L

I'm seeing a failed login every 1 minute in the dbdiag.log. I am trying to find out what script/app has the wrong password set which is causing this error. Looking for some tips to hunt this down.




Code:
2008-01-17-09.36.28.237620-300 I119118C273        LEVEL: Warning
PID     : 83102                TID : 1
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage, probe:20
DATA #1 : String, 67 bytes
Password validation for user tivinp01 failed with rc = -2146500507


2008-01-17-09.36.28.237795-300 I119392C487        LEVEL: Warning
PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
INSTANCE: tivinp01             NODE : 000         DB   : TEC38
APPHDL  : 0-1035
FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:900
MESSAGE : application id:
DATA #1 : Hexdump, 26 bytes
0x2FF13750 : 3942 4234 3341 3537 2E41 3532 342E 3038    9BB43A57.A524.08
0x2FF13760 : 3031 3137 3134 3336 3238                   0117143628

2008-01-17-09.36.28.238114-300 I119880C403        LEVEL: Warning
PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
INSTANCE: tivinp01             NODE : 000         DB   : TEC38
APPHDL  : 0-1035
FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:901
MESSAGE : client pid:
DATA #1 : Hexdump, 4 bytes
0x3018DA74 : 0000 0000                                  ....

2008-01-17-09.36.28.238381-300 I120284C403        LEVEL: Warning
PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
INSTANCE: tivinp01             NODE : 000         DB   : TEC38
APPHDL  : 0-1035
FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:902
MESSAGE : client tid:
DATA #1 : Hexdump, 4 bytes
Thanks,
Charlie
Reply With Quote
  #2 (permalink)  
Old 01-17-08, 10:09
n_i n_i is offline
:-)
  
Join Date: Jun 2003
Location: Toronto, Canada
Posts: 4,449
The highlighted part below:
Code:
2008-01-17-09.36.28.237795-300 I119392C487        LEVEL: Warning
PID     : 83102                TID  : 1           PROC : db2agent (TEC38) 0
INSTANCE: tivinp01             NODE : 000         DB   : TEC38
APPHDL  : 0-1035
FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:900
MESSAGE : application id:
DATA #1 : Hexdump, 26 bytes
0x2FF13750 : 3942 4234 3341 3537 2E41 3532 342E 3038    9BB43A57.A524.08
0x2FF13760 : 3031 3137 3134 3336 3238                   0117143628
looks like an application ID, which contains the source IP address (9BB43A57 in this case).
Reply With Quote
  #3 (permalink)  
Old 01-17-08, 10:12
ARWinner ARWinner is offline
Registered User
  
Join Date: Jan 2003
Posts: 3,575
You are going to have to do it the hard way. You have the username (tivinp01) that is being used. You might be able to use the db2diag utility to get more information. After that you will have to figure it out outside DB2.

Andy
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


 
 
 
Home  |   Register  |   Get New  |   FAQ's  |   Sitemap

Powered by vBulletin
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.