8 Oracle Net Listener Parameters in the listener.ora File
This chapter provides a complete listing of the listener.ora file configuration parameters.
- Overview of Oracle Net Listener Configuration File
Oracle Net Listener configuration, stored in thelistener.orafile, consists of these elements. - Protocol Address Parameters
This section describes the most common parameters used in protocol addresses. TheADDRESS_LISTparameter is also supported. - Connection Rate Limiter Parameters
The connection rate limiter feature in Oracle Net Listener enables a database administrator to limit the number of new connections handled by the listener. When this feature is enabled, Oracle Net Listener imposes a user-specified maximum limit on the number of new connections handled by the listener every second. Depending on the configuration, the rate can be applied to a collection of endpoints, or to a specific endpoint. - Control Parameters
This section describes the following parameters that control the behavior of the listener: - ADR Diagnostic Parameters for Oracle Net Listener
The diagnostic data for the critical errors is quickly captured and stored in the ADR for Oracle Net listener. - Non-ADR Diagnostic Parameters for Oracle Net Listener
This section lists the parameters used when ADR is disabled. The default value ofDIAG_ADR_ENABLED_listener_nameison. Therefore, theDIAG_ADR_ENABLED_listener_nameparameter must explicitly be set tooffto use non-ADR tracing. - Class of Secure Transports Parameters
The class of secure transports (COST) parameters specify a list of transports that are considered secure for administration and registration of a particular listener.
8.1 Overview of Oracle Net Listener Configuration File
Oracle Net Listener configuration, stored in the listener.ora file, consists of these elements.
-
Name of the listener
-
Protocol addresses that the listener is accepting connection requests on
-
Valid nodes that the listener allows to register with the database
-
Database services
-
Control parameters
Dynamic service registration, eliminates the need for static configuration of supported services. However, static service configuration is required if you plan to use Oracle Enterprise Manager Cloud Control. For information about static service configuration, see Oracle Database Net Services Administrator's Guide.
By default, the listener.ora file is located in the
ORACLE_HOME/network/admin directory. You can also
store the listener.ora in the following locations:
-
The directory specified by the
TNS_ADMINenvironment variable or registry value. -
On Linux and UNIX operating systems, it is the global configuration directory. For example, on the Oracle Solaris operating system, the directory is
/var/opt/oracle. See Oracle Database Global Data Services Concepts and Administration Guide for information about management of global service. Also refer to Oracle operating system-specific documentation. -
In the read-only Oracle home mode, the default location for the
listener.orafile isORACLE_BASE_HOME/network/admin. If thelistener.orafile is not present in theORACLE_BASE_HOME/network/admindirectory, then search for the file in theORACLE_HOME/network/admindirectory. -
In the read-only Oracle home mode, the parameters are stored in the
ORACLE_BASE_HOMElocation by default.
It is possible to configure multiple listeners, each with a unique name, in one
listener.ora file. Multiple listener configurations are possible because
each of the top-level configuration parameters has a suffix of the listener name or is the
listener name itself.
Note:
-
It is often useful to configure multiple listeners in one
listener.orafile. However, Oracle recommends running only one listener for each node in most customer environments. -
Oracle Net Services supports the IFILE parameter in the
listener.orafile, with up to three levels of nesting. The parameter is added manually to the file. The following is an example of the syntax:IFILE=/tmp/listener_em.ora IFILE=/tmp/listener_cust1.ora IFILE=/tmp/listener_cust2.ora
Refer to Oracle Database Reference for additional information.
The following example shows a listener.ora file for a listener
named LISTENER, which is the default name of the listener.
Example 8-1 listener.ora File
LISTENER=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sale-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))Parent topic: Oracle Net Listener Parameters in the listener.ora File
8.2 Protocol Address Parameters
listener.ora file
defines the protocol addresses on which the listener is accepting connection requests.
This section describes the most common parameters used in
protocol addresses. The ADDRESS_LIST parameter is also
supported.This section lists and describes the following parameters:
- ADDRESS
The protocolADDRESSparameter’s networking parameter is in thelistener.orafile. It specifies the protocol address under theDESCRIPTIONparameter for one listener. - DESCRIPTION
DESCRIPTIONnetworking parameter of the listener.ora file contains listener protocol addresses. - Firewall
- IP
The protocol address parameterIPdetermine which IP address the listener listens on when a host name is specified - QUEUESIZE
- RECV_BUF_SIZE
Use theRECV_BUF_SIZEparameter to specify buffer space for session receive operations. - SEND_BUF_SIZE
Use theSEND_BUF_SIZEparameter to specify buffer space for session send operations.
Parent topic: Oracle Net Listener Parameters in the listener.ora File
8.2.1 ADDRESS
The protocol ADDRESS parameter’s networking parameter is in the listener.ora file. It specifies the protocol address under the DESCRIPTION parameter for one listener.
Purpose
Specifies a single listener protocol address in the DESCRIPTION parameter
Usage Notes
Use this parameter to define the protocol, the host, and the port number for the listener.
Example
listener_name=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521))
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))))Parent topic: Protocol Address Parameters
8.2.2 DESCRIPTION
DESCRIPTION networking parameter of the listener.ora file contains listener protocol addresses.
Purpose
To contain listener protocol addresses.
Example 8-2 Example
listener_name= (DESCRIPTION= (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))))Parent topic: Protocol Address Parameters
8.2.3 Firewall
Purpose
It can be set in endpoint to enable firewall functionality.
Related Topics
Parent topic: Protocol Address Parameters
8.2.4 IP
The protocol address parameter IP determine which IP address the listener listens on when a host name is specified
Purpose
To determine which IP address the listener listens on when a host name is specified.
Usage Notes
This parameter is only applicable when the HOST parameter specifies a host name.
Values
-
firstListen on the first IP address returned by the DNS resolution of the host name. If the user wants the listener to listen on the first IP to which the specified host name resolves, then the address must be qualified with
(IP=first). -
v4_onlyListen only on IPv4 addresses.
-
v6_onlyListen only on IPv6 addresses.
Default
This feature is disabled by default.
Example
listener_name=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=rancode1-vip)(PORT=1522)(IP=v6_only))Parent topic: Protocol Address Parameters
8.2.5 QUEUESIZE
Purpose
To specify the number of concurrent connection requests that the listener can accept on a TCP/IP or IPC listening endpoint (protocol address).
Usage Notes
The number of concurrent connection requests is dependent on the platform and listener usage scenarios. If the listener is heavily-loaded, then set the parameter to a higher number.
Put this parameter at the end of the protocol address with its value set to the expected number of concurrent connection requests.
Default
The default number of concurrent connection requests is operating system specific.
Example
listener_name=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521)(QUEUESIZE=20)))See Also:
Oracle Database Net Services Administrator's Guide for additional information about configuring this parameter
Parent topic: Protocol Address Parameters
8.2.6 RECV_BUF_SIZE
Use the RECV_BUF_SIZE parameter to specify buffer space for session receive operations.
Purpose
To specify, in bytes, the buffer space for receive operations of sessions.
Usage Notes
Put this parameter under the DESCRIPTION parameter or at the end of the protocol address with its value set to the expected number of bytes.
This parameter is supported by the TCP/IP, TCP/IP with TLS, and SDP protocols.
Note:
Additional protocols might support this parameter on certain operating systems. Refer to the operating system-specific documentation for information about additional protocols that support this parameter.
Default
The default value for this parameter is operating system specific. The default for the Linux operating system is 87380 bytes.
Example
listener_name= (DESCRIPTION= (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521) (RECV_BUF_SIZE=11784)) (ADDRESS=(PROTOCOL=ipc)(KEY=extproc) (RECV_BUF_SIZE=11784)))) listener_name= (DESCRIPTION= (ADDRESS_LIST= (RECV_BUF_SIZE=11784)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521) (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))
Related Topics
Parent topic: Protocol Address Parameters
8.2.7 SEND_BUF_SIZE
Use the SEND_BUF_SIZE parameter to specify buffer space for session send operations.
Purpose
To specify, in bytes, the buffer space for send operations of sessions.
Usage Notes
Put this parameter under the DESCRIPTION parameter or at the end of the protocol address.
This parameter is supported by the TCP/IP, TCP/IP with TLS, and SDP protocols.
Note:
Additional protocols might support this parameter on certain operating systems. Refer to operating system-specific documentation for additional information about additional protocols that support this parameter.
Default
The default value for this parameter is operating system specific. The default for the Linux operating system is 16 KB.
Example
listener_name= (DESCRIPTION= (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521) (SEND_BUF_SIZE=11280)) (ADDRESS=(PROTOCOL=ipc)(KEY=extproc) (SEND_BUF_SIZE=11280)))) listener_name= (DESCRIPTION= (SEND_BUF_SIZE=11280) (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521) (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))
Related Topics
Parent topic: Protocol Address Parameters
8.3 Connection Rate Limiter Parameters
The connection rate limiter feature in Oracle Net Listener enables a database administrator to limit the number of new connections handled by the listener. When this feature is enabled, Oracle Net Listener imposes a user-specified maximum limit on the number of new connections handled by the listener every second. Depending on the configuration, the rate can be applied to a collection of endpoints, or to a specific endpoint.
This feature is controlled through the following listener.ora configuration parameters:
- CONNECTION_RATE_listener_name
TheCONNECTION_RATE_listener_nameconfiguration parameter of thelistener.orafile specifies a global rate that is enforced across all listening endpoints that are rate-limited. - RATE_LIMIT
TheRATE_LIMITconfiguration parameter of thelistener.orafile indicates that a particular listening endpoint is rate-limited.
Parent topic: Oracle Net Listener Parameters in the listener.ora File
8.3.1 CONNECTION_RATE_listener_name
The CONNECTION_RATE_listener_name configuration
parameter of thelistener.ora file specifies a global rate that is enforced
across all listening endpoints that are rate-limited.
Purpose
To specify a global rate that is enforced across all listening endpoints that are rate-limited.
Usage Notes
When this parameter is specified, it overrides any endpoint-level numeric rate values that might be specified.
Syntax
CONNECTION_RATE_listener_name=number_of_connections_per_secondParent topic: Connection Rate Limiter Parameters
8.3.2 RATE_LIMIT
The RATE_LIMIT configuration parameter of the listener.ora file indicates that a particular listening endpoint is rate-limited.
Purpose
To indicate that a particular listening endpoint is rate-limited.
Usage Notes
The parameter is specified in the ADDRESS section of the listener endpoint configuration.
Syntax
LISTENER=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))
-
When the
RATE_LIMITparameter is set toyesfor an endpoint, that endpoint is included in the enforcement of the global rate configured by theCONNECTION_RATE_listener_nameparameter. The global rate limit is enforced individually at each endpoint that hasRATE_LIMITset toyes. -
Dynamic endpoints for listeners managed by Oracle Clusterware have the
RATE_LIMITparameter set toyes. -
When the
RATE_LIMITparameter is set to a value greater than0, then the rate limit is enforced at that endpoint level.
Examples
The following examples use the CONNECTION_RATE_listener name and RATE_LIMIT parameters.
Example 1
CONNECTION_RATE_LISTENER=10
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1523)))
In the preceding example, the global rate of new connections is enforced separately for each endpoint. Connections through port 1521 are limited at 10 every second, and the connections through port 1522 are also separately limited at 10 every second. Connections through port 1523 are not limited.
Example 2
LISTENER= (ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=5))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=10))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1523))
)
In the preceding example, the connection rates are enforced at the endpoint level. A maximum of 5 connections are processed through port 1521 every second. The limit for connections through port 1522 is 10 every second. Connections through port 1523 are not limited.
Note:
The global CONNECTON_RATE_listener_name parameter is not specified in the preceding configuration. If it is specified, then the limits on ports 1521 and 1522 are ignored, and the global value is used instead.
Parent topic: Connection Rate Limiter Parameters
8.4 Control Parameters
This section describes the following parameters that control the behavior of the listener:
- ADMIN_RESTRICTIONS_listener_name
Thelistener.oracontrol parameterADMIN_RESTRICTIONS_listener_namerestricts runtime administration of the listener. - ALLOW_MULTIPLE_REDIRECTS_listener_name
The listener.ora control parameterALLOW_MULTIPLE_REDIRECTS_listener_nameenables multiple redirects of the client. - CRS_NOTIFICATION_listener_name
CRS_NOTIFICATION_listener_namecontrol parameter of thelistener.orafile sets notification to allow or disallow Cluster Ready Services (CRS) to manage the listener in an Oracle Real Application Clusters environment. - DEDICATED_THROUGH_BROKER_LISTENER
DEDICATED_THROUGH_BROKER_LISTENERnetworking parameter of thelistener.orafile enables the server to spawn a thread or process when a connection to the database is requested through the listener. - DEFAULT_SERVICE_listener_name
DEFAULT_SERVICE_listener_namecontrol parameter of thelistener.orafile enables users to connect to the database without having to specify a service name from the client side. - ENABLE_EXADIRECT_listener_name
- INBOUND_CONNECT_TIMEOUT_listener_name
- LOCAL_REGISTRATION_ADDRESS_listener_name
- MAX_ALL_CONNECTIONS_listener_name
Use theMAX_ALL_CONNECTIONS_listener_nameparameter to specify the maximum number of concurrent registration and client connection sessions. - MAX_REG_CONNECTIONS_listener_name
Use theMAX_REG_CONNECTIONS_listener_nameparameter to specify the maximum number of concurrent registration connection sessions. - REGISTRATION_EXCLUDED_NODES_listener_name
- REGISTRATION_INVITED_NODES_listener_name
- REMOTE_REGISTRATION_ADDRESS_listener_name
- SAVE_CONFIG_ON_STOP_listener_name
- SERVICE_RATE_listener_name
TheSERVICE_RATE_listener_namecontrol parameter specifies incoming connection rate that is allowed per service for an instance. - SSL_CIPHER_SUITES
Use theSSL_CIPHER_SUITESparameter to control the combination of authentication, encryption, and data integrity algorithms used by Transport Layer Security (TLS). - SSL_CLIENT_AUTHENTICATION
Use theSSL_CLIENT_AUTHENTICATIONparameter to specify whether the database client is authenticated using Transport Layer Security (TLS). - SSL_VERSION
Use theSSL_VERSIONparameter to define valid Transport Layer Security (TLS) versions to be used for connections. - SUBSCRIBE_FOR_NODE_DOWN_EVENT_listener_name
- USE_SID_AS_SERVICE_listener_name
- VALID_NODE_CHECKING_REGISTRATION_listener_name
The listener.ora control parameterVALID_NODE_CHECKING_REGISTRATION_listener_namedetermines if valid node checking registration is performed, or if the subnet is allowed. - WALLET_LOCATION
Use theWALLET_LOCATIONparameter to specify the location of Oracle wallets.
Parent topic: Oracle Net Listener Parameters in the listener.ora File
8.4.1 ADMIN_RESTRICTIONS_listener_name
The listener.ora control parameter ADMIN_RESTRICTIONS_listener_name restricts runtime administration of the listener.
Purpose
To restrict runtime administration of the listener.
Usage Notes
Setting ADMIN_RESTRICTIONS_listener_name=on disables the runtime modification of parameters in listener.ora. That is, the listener refuses to accept SET commands that alter its parameters. To change any of the parameters in listener.ora, including ADMIN_RESTRICTIONS_listener_name itself, modify the listener.ora file manually and reload its parameters using the RELOAD command for the new changes to take effect without explicitly stopping and restarting the listener.
Default
off
Example
ADMIN_RESTRICTIONS_listener=onParent topic: Control Parameters
8.4.2 ALLOW_MULTIPLE_REDIRECTS_listener_name
The listener.ora control parameter ALLOW_MULTIPLE_REDIRECTS_listener_name enables multiple redirects of the client.
Purpose
To support multiple redirects of the client.
Usage Notes
This parameter should only be set on the SCAN listener on the Oracle Public Cloud. When set to on, multiple redirects of the client are allowed.
Do not set this parameter for a node listener if that is used as a SCAN listener.
Default
off
Values
on | off
Example
ALLOW_MULTIPLE_REDIRECTS_listener=onParent topic: Control Parameters
8.4.3 CRS_NOTIFICATION_listener_name
CRS_NOTIFICATION_listener_name control parameter of the listener.ora file sets notification to allow or disallow Cluster Ready Services (CRS) to manage the listener in an Oracle Real Application Clusters environment.
Purpose
To set notification.
Usage Notes
By default, the Oracle Net listener notifies Cluster Ready Services (CRS) when it is started or stopped. These notifications allow CRS to manage the listener in an Oracle Real Application Clusters environment. This behavior can be prevented by setting the CRS_NOTIFICATION_listener_name parameter to off.
Default
on
Values
on | offParent topic: Control Parameters
8.4.4 DEDICATED_THROUGH_BROKER_LISTENER
DEDICATED_THROUGH_BROKER_LISTENER networking parameter of the listener.ora file enables the server to spawn a thread or process when a connection to the database is requested through the listener.
Purpose
To enable the server to spawn a thread or process when a connection to the database is requested through the listener.
Default
off
Values
on | offExample 8-3 Example
(Optional) Enter an example to illustrate your reference here.
Parent topic: Control Parameters
8.4.5 DEFAULT_SERVICE_listener_name
DEFAULT_SERVICE_listener_name control parameter of the listener.ora file enables users to connect to the database without having to specify a service name from the client side.
Purpose
To enable users to connect to the database without having to specify a service name from the client side.
Usage Notes
When a client tries to connect to the database, the connection request passes through the listener. The listener may be servicing several different databases. If a service name is configured in this parameter, then users may not necessarily need to specify a service name in the connect syntax. If a user specifies a service name, then the listener connects the user to that specific database, otherwise the listener connects to the service name specified by the DEFAULT_SERVICE_listener_name parameter. For container databases, the client must explicitly specify the service name.
Default
There is no default value for the DEFAULT_SERVICE_listener_name parameter. If this parameter is not configured and a user does not specify a fully-qualified service name in the connect syntax, then the connection attempt fails. This parameter only accepts one value.
Example 8-4 Example
DEFAULT_SERVICE_listener=sales.us.example.comParent topic: Control Parameters
8.4.6 ENABLE_EXADIRECT_listener_name
Purpose
To enable Exadirect protocol.
Usage Notes
The parameter enables Exadirect support.
Default
Off
Values
on | off
Example 8-5 Example
ENABLE_EXADIRECT_listener=on
Parent topic: Control Parameters
8.4.7 INBOUND_CONNECT_TIMEOUT_listener_name
Purpose
To specify the time, in seconds, for the client to complete its connect request to the listener after the network connection had been established.
Usage Notes
If the listener does not receive the client request in the time specified, then it terminates the connection. In addition, the listener logs the IP address of the client and an ORA-12525:TNS: listener has not received client's request in time allowed error message to the listener.log file.
To protect both the listener and the database server, Oracle recommends setting this parameter in combination with the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file. When specifying values for these parameters, consider the following recommendations:
-
Set both parameters to an initial low value.
-
Set the value of the
INBOUND_CONNECT_TIMEOUT_listener_nameparameter to a lower value than theSQLNET.INBOUND_CONNECT_TIMEOUTparameter.
For example, you can set the INBOUND_CONNECT_TIMEOUT_listener_name parameter to 2 seconds and the INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.
Default
60 seconds
Example
INBOUND_CONNECT_TIMEOUT_listener=2
Parent topic: Control Parameters
8.4.8 LOCAL_REGISTRATION_ADDRESS_listener_name
Purpose
To secure registration requests through dedicated secure registration endpoints for local listeners. Service ACLs are accepted by listener only if LOCAL_REGISTRATION_ADDRESS_lsnr alias is configured. The parameter specifies the group that is allowed to send ACLs.
Usage Notes
The local registration endpoint accepts local registration connections from the specified group. All local registration requests coming on normal listening endpoints are redirected to the local registration endpoint. If the registrar is not a part of the group, then it cannot connect to the endpoint.
Default
OFF
Values
ON, OFF, or IPC endpoint address with group
When set to ON, listener defaults the group to oinstall on UNIX and ORA_INSTALL on Windows.
Example 8-6 Example
LOCAL_REGISTRATION_ADDRESS_lsnr_alias = (address=(protocol=ipc)(group=xyz)) LOCAL_REGISTRATION_ADDRESS_lsnr_alias =ON Related Topics
Parent topic: Control Parameters
8.4.9 MAX_ALL_CONNECTIONS_listener_name
Use the MAX_ALL_CONNECTIONS_listener_name parameter to specify the maximum number of concurrent registration and client connection sessions.
Purpose
To specify the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Net Listener.
Usage Notes
This number includes registration connections from databases, and ongoing client connection establishment requests. After a connection is established, the clients do not maintain a connection to the listener. This limit only applies to client connections that are in the initial connection establishment phase from a listener perspective.
Default
4096
Example
MAX_ALL_CONNECTIONS_listener=4096
Parent topic: Control Parameters
8.4.10 MAX_REG_CONNECTIONS_listener_name
Use the MAX_REG_CONNECTIONS_listener_name parameter to specify the maximum number of concurrent registration connection sessions.
Purpose
To specify the maximum number of concurrent registration connection sessions that can be supported by Oracle Net Listener.
Default
512
Example
MAX_REG_CONNECTIONS_listener=2048
Parent topic: Control Parameters
8.4.11 REGISTRATION_EXCLUDED_NODES_listener_name
Purpose
To specify the list of nodes that cannot register with the listener.
Usage Notes
The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.
If the REGISTRATION_INVITED_NODES_listener_name parameter and the REGISTRATION_EXCLUDED_NODES_listener_name parameter are set, then the REGISTRATION_EXCLUDED_NODES_listener_name parameter is ignored.
Values
Valid nodes and subnet IP addresses or names.
Example
REGISTRATION_EXCLUDED_NODES_listener = (10.1.26.*, 10.16.40.0/24, \
2001:DB8:3eff:fe38, node2)Parent topic: Control Parameters
8.4.12 REGISTRATION_INVITED_NODES_listener_name
Purpose
To specify the list of node that can register with the listener.
Usage Notes
-
The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (
*) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface. -
If the
REGISTRATION_INVITED_NODES_listener_nameparameter and theREGISTRATION_EXCLUDED_NODES_listener_nameparameter are set, then theREGISTRATION_EXCLUDED_NODES_listener_nameparameter is ignored. -
Starting with Oracle Grid Infrastructure 12c, for a SCAN listener, if the
VALID_NODE_CHECKING_REGISTRATION_listener_nameandREGISTRATION_INVITED_NODES_listener_nameparameters are set in thelistener.orafile, then the listener agent overwrites these parameters.
Values
Valid nodes and subnet IP addresses or names.
Example
REGISTRATION_INVITED_NODES_listener = (10.1.35.*, 10.1.34.0/24, \
2001:DB8:fe38:7303, node1)See Also:
Oracle Real Application Clusters Administration and Deployment Guide for information about valid node checking for registration
Parent topic: Control Parameters
8.4.13 REMOTE_REGISTRATION_ADDRESS_listener_name
Purpose
To secure registration requests through dedicated secure registration endpoints for SCAN listeners.
Usage Notes
The registration endpoint is on a private network within the cluster. All remote registration requests coming in on normal listening endpoints are redirected to the registration endpoint. Any system which is not a part of the cluster cannot connect to the endpoint. This feature is not supported when ADMIN_RESTRICTIONS_listener_name is set to ON as the Cluster Ready Services agent configures the remote_registration_address dynamically at run time.
Default
This parameter is configured internally in listeners managed by Oracle Clusterware to
restrict registrations to the private network. The value of this parameter should not be
modified or specified explicitly. The only supported explicit setting is for turning
this feature off by setting the value to OFF.
Values
off
Example
REMOTE_REGISTRATION_ADDRESS_listener=off
Parent topic: Control Parameters
8.4.14 SAVE_CONFIG_ON_STOP_listener_name
Purpose
To specify whether runtime configuration changes are saved to the listener.ora file.
Usage Notes
When you set the parameter to true, any parameters that were modified while the listener was running using the Listener Control utility SET command are saved to the listener.ora file when the STOP command is issued. When you set the parameter to false, the Listener Control utility does not save the runtime configuration changes to the listener.ora file.
Default
false
Values
true | false
Example
SAVE_CONFIG_ON_STOP_listener=true
Parent topic: Control Parameters
8.4.15 SERVICE_RATE_listener_name
The SERVICE_RATE_listener_name control parameter specifies incoming connection rate that is allowed per service for an instance.
Purpose
To specify incoming connection rate that is allowed per service for an instance.
Usage Notes
Any user-specified value greater than 0 sets the maximum limit on the number of new connections per service-instance handled by the proxy listener every second. Listener rejects connections after it reaches the maximum limit. Client side connection failure is reported with the “TNS:listener: rate limit reached” error.
Default
0
Example 8-7 Example
SERVICE_RATE=10
Parent topic: Control Parameters
8.4.16 SSL_CIPHER_SUITES
Use the SSL_CIPHER_SUITES parameter to control the combination of authentication, encryption, and data integrity algorithms used by Transport Layer Security (TLS).
Purpose
To control the combination of authentication, encryption, and data integrity algorithms used by TLS. By default, the strongest protocol and cipher are negotiated between the database client and server. Setting this parameter will override the default behavior. You must use this parameter only if you have internal security controls that dictate the usage of certain protocol versions.
Usage Notes
Starting with Database 23ai, the use of Transport Layer Security protocol versions 1.0 and 1.1 are desupported.
In most cases, this change will not have any impact, because the database client and server will negotiate the use of the most secure protocol and cipher algorithm. However, if TLS 1.0 or 1.1 has been specified, then you must either remove it to allow the database server and client to pick the most secure protocol, or you must specify either TLS 1.2, or TLS 1.3, or both, for the protocol. Oracle recommends using the latest, most secure protocol. That protocol is TLS 1.3, which is introduced with Oracle Database 23ai.
Enclose the SSL_CIPHER_SUITES parameter value in parentheses. Otherwise, the cipher suite setting does not parse correctly.
Default
None
Values
-
TLS_AES_256_GCM_SHA384 -
TLS_CHACHA20_POLY1305_SHA256(non-FIPS only) -
TLS_AES_128_CCM_SHA256 -
TLS_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 -
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 -
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -
TLS_RSA_WITH_AES_256_GCM_SHA384 -
TLS_RSA_WITH_AES_256_CBC_SHA256 -
TLS_RSA_WITH_AES_256_CBC_SHA -
TLS_RSA_WITH_AES_128_GCM_SHA256 -
TLS_RSA_WITH_AES_128_CBC_SHA256 -
TLS_RSA_WITH_AES_128_CBC_SHA -
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 -
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Examples
SSL_CIPHER_SUITES=(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)SSL_CIPHER_SUITES=(TLS_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)Parent topic: Control Parameters
8.4.17 SSL_CLIENT_AUTHENTICATION
Use the SSL_CLIENT_AUTHENTICATION parameter to specify whether the database client is authenticated using Transport Layer Security (TLS).
Purpose
To enable client authentication in a TLS connection. The connection can be one-way or two-way (mutual TLS or mTLS).
Usage Notes
When set to TRUE, a two-way TLS connection is initiated. Both the client and server (including the listener) authenticate each other. For example, if you set this parameter to TRUE in the server configuration (server-side sqlnet.ora), then the server attempts to authenticate the client. If you set it to TRUE in the listener configuration (listener.ora), then the listener attempts to authenticate the client.
When set to FALSE, only the client authenticates the server and listener as a one-way TLS connection. For example, if you set this parameter to FALSE in the server configuration, then the server does not authenticate the client. If you set it to FALSE in the listener configuration, then the listener does not authenticate the client.
OPTIONAL, the server behaves as follows:
-
If the client sends a certificate, then the connection is completed as a two-way TLS connection after authenticating the client.
-
If the client does not send a certificate, then the connection is completed as a one-way TLS connection.
Ensure that this parameter setting is consistent for the server or listener (on one side) and the client (on the other). Otherwise, the connection may fail. For example, if you enable client authentication in the server or listener configuration, then you must enable it in the client configuration.
Default
TRUE
Values
-
TRUE|ON|YES|1: To enable mTLS -
FALSE|OFF|NO|0: To enable one-way TLS -
OPTIONAL: To enable both TLS and mTLS
Example
SSL_CLIENT_AUTHENTICATION=FALSERelated Topics
Parent topic: Control Parameters
8.4.18 SSL_VERSION
Use the SSL_VERSION parameter to define valid Transport Layer Security (TLS) versions to be used for connections.
Purpose
To define the version of TLS that must run on the systems with which the database server communicates. By default, the database server and client negotiate the strongest security protocol. Oracle does not recommend modifying this parameter, unless your security requirements mandate the usage of certain protocol versions.
Usage Notes
-
Clients, listeners, and database servers must use compatible versions. Modify this parameter only when necessary to enforce the use of the more secure TLS protocol and not allow clients that only work with the older TLS protocols. The current default uses TLS 1.3, which is the version required for multiple security compliance requirements. If you need to specify TLS 1.2, then also include TLS 1.3 to allow more secure connections.
-
In addition to
sqlnet.ora,listener.ora, andcman.ora, you can specify this parameter under theSECURITYsection oftnsnames.oraor directly as part of the connect string. The parameter value specified in the connect string takes precedence over the other specified values. -
Starting with Database 23ai, the use of Transport Layer Security protocol versions 1.0 and 1.1 are desupported.
In most cases, this change will not have any impact, because the database client and server will negotiate the use of the most secure protocol and cipher algorithm. However, if TLS 1.0 or 1.1 has been specified, then you must either remove it to allow the database server and client to pick the most secure protocol, or you must specify either TLS 1.2, or TLS 1.3, or both, for the protocol. Oracle recommends using the latest, most secure protocol. That protocol is TLS 1.3, which is introduced with Oracle Database 23ai.
-
Starting with Oracle Database 23ai, the Secure Socket Layer v3 protocol (SSLv3) is no longer supported for database server-client connections, and the
sqlnet.oraparameterADD_SSLV3_TO_DEFAULThas been removed.SSLv3 is a much less secure protocol to secure the database server-to-client connection. Instead of using SSLv3, allow the database server and client to negotiate the most secure protocol that is common between the server and the client. Oracle Database 23ai provides TLS 1.2 and TLS 1.3 protocols for certificate-based network encryption.
-
If you set
SSL_VERSIONtoundetermined, then the most secure TLS protocol version is used. You can also use theSSL_VERSION=undeterminedsetting in the connect string for a specific connection to override theSSL_VERSIONvalue configured in thesqlnet.ora,listener.ora, orcman.orafile. -
If you do not set
SSL_VERSIONto any value, then all the supported TLS protocol versions are tried starting with the most secure version. This is typically the most common configuration, ensuring that the strongest protocol is chosen during TLS negotiation.
Values
undetermined | TLSv1.2 | TLSv1.3
Default
undetermined
Syntax and Examples
-
To specify a single protocol version:
SSL_VERSION=TLS_protocol_versionFor example:SSL_VERSION=TLSv1.3 -
To specify multiple protocol versions, use a comma-separated string of values, enclosed in parenthesis:
SSL_VERSION=(TLS_protocol_version1,TLS_protocol_version2)For example:SSL_VERSION=(TLSv1.2,TLSv1.3)Note:
Do not enclose protocol versions in parenthesis while specifying this parameter in the
tnsnames.orafile or as part of the connect string, otherwise the setting will not parse correctly. For example:net_service_name= (DESCRIPTION= (ADDRESS=(PROTOCOL=tcps)(HOST=salesserver)(PORT=1522)) (SECURITY=(SSL_VERSION=TLSv1.2,TLSv1.3)) )
Related Topics
Parent topic: Control Parameters
8.4.19 SUBSCRIBE_FOR_NODE_DOWN_EVENT_listener_name
Purpose
To subscribe to Oracle Notification Service (ONS) notifications for downed events.
Usage Notes
By default, the listener subscribes to the ONS node down event on startup, if ONS is available. This subscription enables the listener to remove the affected service when it receives node down event notification from ONS. The listener uses asynchronous subscription for the event notification. Alter this behavior by setting SUBSCRIBE_FOR_NODE_DOWN_EVENT_listener_name=off in listener.ora.
Default
on
Values
on | off
Parent topic: Control Parameters
8.4.20 USE_SID_AS_SERVICE_listener_name
Purpose
To enable the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.
Usage Notes
Database clients with earlier releases of Oracle Database that have hard-coded connect descriptors can use this parameter to connect to a container or pluggable database.
For an Oracle container database, the client must specify a service name in order to connect to it. Setting this parameter to on instructs the listener to use the SID in the connect descriptor as a service name and connect the client to the specified database.
Default
off
Example
USE_SID_AS_SERVICE_listener=on
Parent topic: Control Parameters
8.4.21 VALID_NODE_CHECKING_REGISTRATION_listener_name
The listener.ora control parameter VALID_NODE_CHECKING_REGISTRATION_listener_name determines if valid node checking registration is performed, or if the subnet is allowed.
Purpose
To determine whether valid node checking registration is performed, or the subnet is allowed.
Usage Notes
-
When set to
on, valid node checking registration is performed at the listener for any incoming registration request, and only local IP addresses are allowed. -
Starting with Oracle Grid Infrastructure 12c, for a SCAN listener, if the
VALID_NODE_CHECKING_REGISTRATION_listener_nameandREGISTRATION_INVITED_NODES_listener_nameparameters are set in thelistener.orafile, then the listener agent overwrites these parameters.
Default
on
Values
-
off | 0to specify valid node checking registration is off, and no checking is performed. -
on | 1 | localto specify valid node checking registration is on, and all local IP addresses can register. If a list of invited nodes is set, then all IP addresses, host names, or subnets in the list as well as local IP addresses are allowed. -
subnet | 2to specify valid node checking registration is on, and all machines in the local subnets are allowed to register. If a list of invited nodes is set, then all nodes in the local subnets as well as all IP addresses, host names and subnets in the list are allowed.
Example
VALID_NODE_CHECKING_REGISTRATION_listener=onSee Also:
Oracle Real Application Clusters Administration and Deployment Guide for information about valid node checking for registration
Parent topic: Control Parameters
8.4.22 WALLET_LOCATION
Use the WALLET_LOCATION parameter to specify the location of Oracle wallets.
Purpose
To specify the directory path where you want to create and store an Oracle wallet. Wallets securely contain certificates, secrets, private keys, and trust points used by Oracle Database.
Usage Notes
-
Deprecation of the server-side setting:
The parameter
WALLET_LOCATIONis deprecated for use with Oracle Database 23ai for the Oracle Database server. It is not deprecated for use with the Oracle Database client.For Oracle Database server, Oracle recommends that you use the
WALLET_ROOTsystem parameter instead of usingWALLET_LOCATION. -
Where to set this parameter:
You can set
WALLET_LOCATIONin thesqlnet.orafile to specify a common wallet location for all connections. You can also set it in the connect string ortnsnames.orafile to specify a different wallet location for a particular connection.Use of
WALLET_LOCATIONin the connect string ortnsnames.oraoverrides thesqlnet.oraWALLET_LOCATIONsetting for the specifictnsnames.oraservice. Thetnsnames.oraWALLET_LOCATIONsetting enables a client to initiate multiple TLS sessions using different TLS certificates in the same client process. -
Setting to use the system default certificate store instead of a client-side wallet:
The Linux and Windows database clients can use the system default certificate store to validate the Oracle Database server certificate, instead of creating a local wallet with root certificate. The default certificate store is located in
/etc/pki/tls/cert.pemon Linux and Microsoft Certificate Store (MCS) on Windows.If you set
WALLET_LOCATION=SYSTEMin the connect string (intnsnames.oraor directly to the command line), then the database client uses the default certificate store to validate the server certificate. In this case, the server certificate needs to be signed by a trusted root certificate that is already installed in the default certificate store.For example:net_service_name= (DESCRIPTION = (ADDRESS=(PROTOCOL=tcps)(HOST=sales-svr)(PORT=1234)) (SECURITY=(WALLET_LOCATION=SYSTEM)) (CONNECT_DATA=(SERVICE_NAME=sales.us.example.com)) ) -
Order in which the database client searches for a client wallet:
-
The database client first tries to use a wallet from the
WALLET_LOCATIONdirectory specified in the connect string. -
If no wallet is present, then the client searches for the
WALLET_LOCATIONparameter value in thesqlnet.orafile. -
If no wallet is present, then the client searches for a wallet in the
$TNS_ADMINenvironment variable directory. -
If no wallet is present, then the client searches in the default wallet location, that is,
/etc/ORACLE/WALLETS/usernameon Linux andC:\Users\username\\ORACLE\WALLETSon Windows. -
If no wallet is present, then the client uses the wallet from the system default certificate store.
You can specify
WALLET_LOCATIONasSYSTEMin the connect string to ignore all the wallet configurations and use the system default certificate store instead. -
- Setting for walletless TLS connections:
The
WALLET_LOCATIONparameter is optional for TLS connections that do not use a client wallet. If you do not includeWALLET_LOCATIONin the connect string,tnsnames.ora, orsqlnet.ora, then the driver automatically picks up common root certificates from the system default certificate store (if the system is Windows or Linux).However, you may need to perform additional steps in the following cases:
-
If
WALLET_LOCATIONis set insqlnet.orafor all connections, then you can override this setting for a specific connection that does not need a client wallet (usingWALLET_LOCATION=SYSTEMin the connect string). -
If a wallet is present in the
$TNS_ADMINenvironment variable directory, then the database client uses the$TNS_ADMINpath as the default wallet location. In this case, you can either override theWALLET_LOCATIONsetting (usingWALLET_LOCATION=SYSTEMin the connect string) or remove that wallet.
-
- Storage of wallet files:
The password-protected wallet is stored in an
ewallet.p12file. The auto-login and local auto-login wallets are stored in acwallet.ssofile.For example, if an Oracle wallet is stored in the Microsoft Windows registry and the wallet's key
(KEY)isSALESAPP, then the storage location of the password-protected wallet isHKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12. The storage location of the auto-login and local auto-login wallets isHKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO.
Additional Parameters
SOURCE to specify the type of storage and storage location for wallets, as follows:
-
METHOD: Type of storage -
METHOD_DATA: Storage location:-
DIRECTORY: Location of wallet on the file system -
KEY: Wallet type and location in the Microsoft Windows registry
-
Syntax and Examples
The syntax depends on the wallet as follows:
-
Wallet on the file system:
WALLET_LOCATION= (SOURCE= (METHOD=file) (METHOD_DATA= (DIRECTORY=directory)))For example:WALLET_LOCATION= (SOURCE= (METHOD=file) (METHOD_DATA= (DIRECTORY=/etc/oracle/wallets/databases))) -
Microsoft certificate store:
WALLET_LOCATION= (SOURCE= (METHOD=mcs))The key-value pair for MCS omits the
METHOD_DATAparameter because MCS does not use wallets. Instead, Oracle PKI (public key infrastructure) applications obtain certificates, trust points and private keys directly from a user's profile. -
Wallet in the Microsoft Windows registry:
WALLET_LOCATION= (SOURCE= (METHOD=reg) (METHOD_DATA= (KEY=registry_key)))For example:WALLET_LOCATION= (SOURCE= (METHOD=reg) (METHOD_DATA= (KEY=SALESAPP)))
Default
None
Related Topics
Parent topic: Control Parameters
8.5 ADR Diagnostic Parameters for Oracle Net Listener
The diagnostic data for the critical errors is quickly captured and stored in the ADR for Oracle Net listener.
Since Oracle Database 11g, Oracle Database includes an advanced fault diagnosability infrastructure for preventing, detecting, diagnosing, and resolving problems. The problems are critical errors such as those caused by database code bugs, metadata corruption, and customer data corruption.
When a critical error occurs, it is assigned an incident number, and diagnostic data for the error, such as traces and dumps, are immediately captured and tagged with the incident number. The data is then stored in the Automatic Diagnostic Repository (ADR), a file-based repository outside the database.
This section includes the parameters used when ADR is enabled. ADR is enabled by default. Non-ADR parameters listed in the listener.ora file are ignored when ADR is enabled.
The following listener.ora parameters are used when ADR is enabled (when DIAG_ADR_ENABLED is set to on):
- ADR_BASE_listener_name
TheADR_BASE_listener_nameparameter is a diagnostic parameter specifies the base directory that stores tracing and logging incidents when ADR is enabled. - DIAG_ADR_ENABLED_listener_name
TheDIAG_ADR_ENABLED_listener_nameis a diagnostic parameter of thelistener.orafile. It indicates whether ADR is enabled. - LOG_FILE_NUM_listener_name
TheLOG_FILE_NUM_listener_nameis a diagnostic parameter of thelistener.orafile that specifies the number of log file segments. - LOG_FILE_SIZE_listener_name
TheLOG_FILE_SIZE_listener_namediagnostic parameter of thelistener.orafile specifies the size of each log file segment. - LOGGING_listener_name
TheLOGGING_listener_namediagnostic parameter of thelistener.orafile turns logging on or off. - TRACE_LEVEL_listener_name
TheTRACE_LEVEL_listener_namediagnostic parameter of thelistener.orafile turns listener tracing on, at a specific level, or turns it off. - TRACE_TIMESTAMP_listener_name
TheTRACE_TIMESTAMP_listener_namediagnostic parameter of thelistener.orafile adds a time stamp to every trace event in the trace file for the listener.
Parent topic: Oracle Net Listener Parameters in the listener.ora File
8.5.1 ADR_BASE_listener_name
The ADR_BASE_listener_name parameter is a diagnostic parameter specifies the base directory that stores tracing and logging incidents when ADR is enabled.
Purpose
To specify the base directory that stores tracing and logging incidents when ADR is enabled.
Default
The default is ORACLE_BASE, or ORACLE_HOME/log if ORACLE_BASE is not defined.
Values
Any valid directory path to a directory with write permission.
Example
ADR_BASE_listener=/oracle/network/traceParent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.5.2 DIAG_ADR_ENABLED_listener_name
The DIAG_ADR_ENABLED_listener_name is a diagnostic parameter of the listener.ora file. It indicates whether ADR is enabled.
Purpose
To indicate whether ADR tracing is enabled.
Usage Notes
When the DIAG_ADR_ENABLED_listener_name parameter is set to on, then ADR file tracing is used. When the DIAG_ADR_ENABLED_listener_name parameter is set to off, then non-ADR file tracing is used.
Default
onValues
on|off
Example 8-8 Example
DIAG_ADR_ENABLED_listener=onParent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.5.3 LOG_FILE_NUM_listener_name
The LOG_FILE_NUM_listener_name is a diagnostic parameter of the listener.ora file that specifies the number of log file segments.
Purpose
To specify the number of log file segments. At any point of time there can be only n log file segments where n is LOG_FILE_NUM_listener_name. If the log grows beyond this number, then the older segments are deleted.
Default
No default. If you don't specify a value, or set the value to zero, then the number of segments grows indefinitely.
Values
Any integer value.
Example 8-9
LOG_FILE_NUM_listener=3
Parent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.5.4 LOG_FILE_SIZE_listener_name
The LOG_FILE_SIZE_listener_name diagnostic parameter of thelistener.ora file specifies the size of each log file segment.
Purpose
To specify the size of each log file segment. The size is in MB.
Default
300 MB
Values
Any integer value.
Example 8-10 Example
LOG_FILE_SIZE_listener=10
Parent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.5.5 LOGGING_listener_name
The LOGGING_listener_name diagnostic parameter of the listener.ora file turns logging on or off.
Purpose
To turn logging on or off.
Usage Notes
This parameter is also applicable when non-ADR tracing is used.
Default
on
Values
on | off
Example
LOGGING_listener=onParent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.5.6 TRACE_LEVEL_listener_name
The TRACE_LEVEL_listener_name diagnostic parameter of the listener.ora file turns listener tracing on, at a specific level, or turns it off.
Purpose
To turn listener tracing on, at a specific level, or to turn it off.
Usage Notes
This parameter is also applicable when non-ADR tracing is used.
Default
off | 0Values
-
offor0for no trace output -
useror4for user trace information -
adminor10for administration trace information -
supportor16for Oracle Support Services trace information
Example
TRACE_LEVEL_listener=adminParent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.5.7 TRACE_TIMESTAMP_listener_name
The TRACE_TIMESTAMP_listener_name diagnostic parameter of the listener.ora file adds a time stamp to every trace event in the trace file for the listener.
Purpose
To add a time stamp in the form of dd-mmm-yyyy hh:mi:ss:mil to every trace event in the trace file for the listener.
Usage Notes
This parameter is used with the TRACE_LEVEL_listener_name parameter. This parameter is also applicable when non-ADR tracing is used.
Default
on
Values
-
on|true -
off|false
Example
TRACE_TIMESTAMP_listener=true
Parent topic: ADR Diagnostic Parameters for Oracle Net Listener
8.6 Non-ADR Diagnostic Parameters for Oracle Net Listener
This section lists the parameters used when ADR is disabled. The default value of DIAG_ADR_ENABLED_listener_name is on. Therefore, the DIAG_ADR_ENABLED_listener_name parameter must explicitly be set to off to use non-ADR tracing.
- LOG_DIRECTORY_listener_name
- LOG_FILE_listener_name
- TRACE_DIRECTORY_listener_name
- TRACE_FILE_listener_name
- TRACE_FILEAGE_listener_name
- TRACE_FILELEN_listener_name
- TRACE_FILENO_listener_name
Parent topic: Oracle Net Listener Parameters in the listener.ora File
8.6.1 LOG_DIRECTORY_listener_name
Purpose
To specify the destination directory of the listener log file.
Usage Notes
Use this parameter when ADR is not enabled.
Default
ORACLE_HOME/network/log
Example
LOG_DIRECTORY_listener=/oracle/network/admin/log
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.6.2 LOG_FILE_listener_name
Purpose
To specify the name of the log file for the listener.
Usage Notes
Use this parameter when ADR is not enabled.
Default
listener.log
Example
LOG_FILE_listener=list.log
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.6.3 TRACE_DIRECTORY_listener_name
Purpose
To specify the destination directory of the listener trace file.
Usage Notes
Use this parameter when ADR is not enabled.
Default
ORACLE_HOME/network/trace
Example
TRACE_DIRECTORY_listener=/oracle/network/admin/trace
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.6.4 TRACE_FILE_listener_name
Purpose
To specify the name of the trace file for the listener.
Usage Notes
Use this parameter when ADR is not enabled.
Default
listener.trc
Example
TRACE_FILE_listener=list.trc
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.6.5 TRACE_FILEAGE_listener_name
Purpose
To specify the maximum age of listener trace files in minutes.
Usage Notes
When the age limit is reached, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO_listener_name parameter. Use this parameter when ADR is not enabled.
Default
Unlimited
This is the same as setting the parameter to 0.
Example 8-11 Example
TRACE_FILEAGE_listener=60
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.6.6 TRACE_FILELEN_listener_name
Purpose
To specify the size of the listener trace files in kilobytes (KB).
Usage Notes
When the size is met, the trace information is written to the next file. The number of files is specified using the TRACE_FILENO_listener_name parameter. Use this parameter when ADR is not enabled.
Default
Unlimited
Example
TRACE_FILELEN_listener=100
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.6.7 TRACE_FILENO_listener_name
Purpose
To specify the number of trace files for listener tracing.
Usage Notes
When this parameter is set along with the TRACE_FILELEN_listener_name parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is re-used, and so on.
The trace file names are distinguished from one another by their sequence number. For example, if the default trace file of listener.trc is used, and this parameter is set to 3, then the trace files would be named listener1.trc, listener2.trc and listener3.trc.
In addition, trace events in the trace files are preceded by the sequence number of the file. Use this parameter when ADR is not enabled.
Default
1
Example
TRACE_FILENO_listener=3
Parent topic: Non-ADR Diagnostic Parameters for Oracle Net Listener
8.7 Class of Secure Transports Parameters
The class of secure transports (COST) parameters specify a list of transports that are considered secure for administration and registration of a particular listener.
The COST parameters identify which transports are considered secure for that installation and whether the administration of a listener requires secure transports. Configuring these parameters is optional.
- SECURE_REGISTER_listener_name
- Using COST Parameters in Combination
- DYNAMIC_REGISTRATION_listener_name
DYNAMIC_REGISTRATION_listener_nameis a class of secure transports (COST) parameter and it enables or disables dynamic registration of a listener. - SECURE_PROTOCOL_listener_name
- SECURE_CONTROL_listener_name
See Also:
Oracle Database Net Services Administrator's Guide for additional information about COST parameters and listener securityParent topic: Oracle Net Listener Parameters in the listener.ora File
8.7.1 SECURE_REGISTER_listener_name
Purpose
To specify the transports on which registration requests are to be accepted.
Usage Notes
If the SECURE_REGISTER_listener_name parameter is configured with a list of transport names, then only the connections arriving on the specified transports are able to register the service with the listener. Connections arriving by other transport protocols are refused. The following is an example:
SECURE_REGISTER_listener1 = (TCPS,IPC)
In the preceding example, registration requests are accepted only on TCPS and IPC transports.
If no values are entered for this parameter, then the listener accepts registration requests from any transport.
Syntax
SECURE_REGISTER_listener_name = [(]transport1[,transport2, ....,transportn)]
In the preceding example, transport1, transport2, and transportn are valid, installed transport protocol names.
If this parameter and SECURE_CONTROL_listener_name are configured, then they override the SECURE_PROTOCOL_listener_name parameter.
Example
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_REGISTER_listener1=tcps
Parent topic: Class of Secure Transports Parameters
8.7.2 Using COST Parameters in Combination
COST parameters can also be used in combination to further control which transports accept service registration and control commands.
In Example 8-12, control commands are accepted only on the IPC channel and the TCPS transport, and service registrations are accepted only on an IPC channel.
Example 8-12 Combining COST Parameters
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_CONTROL_listener1=(tcps,ipc)
SECURE_REGISTER_listener1=ipc
In Example 8-13, control commands are accepted only on the TCPS transport, and service registrations are accepted only on the IPC channel.
Example 8-13 Combining COST Parameters
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_CONTROL_listener1=tcps
SECURE_PROTOCOL_listener1=ipcParent topic: Class of Secure Transports Parameters
8.7.3 DYNAMIC_REGISTRATION_listener_name
DYNAMIC_REGISTRATION_listener_name is a class of secure transports (COST) parameter and it enables or disables dynamic registration of a listener.
Purpose
To enable or disable dynamic registration.
Usage Notes
Static registrations are not affected by this parameter.
Default
The default value is on. Unless this parameter is explicitly set to off, all registration connections are accepted.
Values
-
on: The listener accepts dynamic registration. -
off: The listener refuses dynamic registration.
Example 8-14 Example
DYNAMIC_REGISTRATION_listener_name=onParent topic: Class of Secure Transports Parameters
8.7.4 SECURE_PROTOCOL_listener_name
Purpose
To specify the transports on which administration and registration requests are accepted.
Usage Notes
If this parameter is configured with a list of transport names, then the control commands and service registration can happen only if the connection belongs to the list of transports.
If this parameter is not present and neither SECURE_CONTROL_listener_name or SECURE_REGISTER_listener_name are configured, then all supported transports accept control and registration requests.
If the SECURE_CONTROL_listener_name and SECURE_REGISTER_listener_name parameters are configured, then they override the SECURE_PROTOCOL_listener_name parameter.
Syntax
SECURE_PROTOCOL_listener_name = [(]transport1[,transport2, ....,transportn)]
In the preceding syntax, transport1, transport2, and transportn are valid, installed transport protocol names.
Example
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_PROTOCOL_listener1=tcps
Parent topic: Class of Secure Transports Parameters
8.7.5 SECURE_CONTROL_listener_name
Purpose
To specify the transports on which control commands are to be serviced.
Usage Notes
If the SECURE_CONTROL_listener_name parameter is configured with a list of transport names, then the control commands are serviced only if the connection is one of the listed transports. Connections arriving by other transport protocols are refused. The following is an example:
SECURE_CONTROL_listener1 = (TCPS,IPC)
In the preceding example, administration requests are accepted only on TCPS and IPC transports.
If no values are entered for this parameter, then the listener accepts any connection on any endpoint.
Syntax
SECURE_CONTROL_listener_name = [(]transport1[,transport2, ....,transportn)]
In the preceding syntax, transport1, transport2, and transportn are valid, installed transport protocol names.
Example
LISTENER1=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))
(ADDRESS=(PROTOCOL=ipc)(KEY=extproc))
(ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))
SECURE_CONTROL_LISTENER1=tcps
Parent topic: Class of Secure Transports Parameters