How to Audit a Failed Logon Attempt

Background & Overview

The following step by step guide explains how to audit failed logon attempts.

Step-By-Step Guide

1. Add initialization parameters & bounce instance:

  • alter system set audit_trail=true scope=spfile sid='*';
  • alter system set audit_file_dest='/u01/app/oracle/mysid/mydir/' scope=spfile sid='*';

2. Enable auditing of failed logon attempts

  • sqlplus / as sysdba
  • SQL> audit create session whenever not successful;

3. You can now view failed login attempts in dba_audit_trail

SELECT
os_username,
username,
terminal,
to_char(timestamp,'MM-DD-YYYY HH24:MI:SS') as timestamp
FROM
DBA_AUDIT_TRAIL;

Example Output

OS_USERNAME     USERNAME        TERMINAL        TIMESTAMP
--------------- --------------- --------------- -------------------
FRED            SCOTT           MYAPP           05-16-2009 16:21:13
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License