Question: What is the "sqlnet.inbound_connect_timeout"
parameter and how do I use
sqlnet.inbound_connect_timeout for logging off idle sessions?
sqlnet.inbound_connect_timeout parameter is used to limit the
time, set in seconds, for a client to connect with the database
server and provide the required authentication information.
Also see my important notes on
expiring sessions with high idle time.
To minimize the effect of denial-of-service
attacks, you should configure
sqlnet.inbound_connect_timeout parameter to limits
that constrain the time in which resources can be held prior to
authentication. In this way, client attempts to exceed the
configured limits will result in connection terminations and an
audit trail containing the IP address of the client being logged.
To limit consumption of Oracle resources by
unauthorized users and enable an audit trail, you should set the
time-limit values for the sqlnet.inbound_connect_timeout
parameter, expressed in wall-clock seconds
Failure resulting from
sqlnet.inbound_connect_timeout will throw a
ORA-03136 inbound connection timed out error.
You can enable SQL*NET logging by setting:
- sqlnet.trace_level_listener=4. This parameter defaults to OFF. The value can be set to 4 (which is USER) or 10 (which is ADMIN) or 16 (which is SUPPORT). Normally, level 4 should suffice.
- You can set the inbound_connect_timeout to a non-zero value, See MOSC Document 465043.1.
- Beware of a bug that can cause corruption, See MOSC Document 976852.1.
- Also see the MOSC note 730066.1 titled “Diagnosis of ORA-3135/ORA-3136 Connection Timeouts when the Fault is in the Database”.
Get the Complete
Oracle SQL Tuning Information
The landmark book
SQL Tuning The Definitive Reference" is
filled with valuable information on Oracle SQL Tuning.
This book includes scripts and tools to hypercharge Oracle 11g
performance and you can
for 30% off directly from the publisher.