I believe the hostname or IP is in DBA_AUDIT_TRAIL when you AUDIT SESSION. This is the only way to get the info for a failed logon attempt AFAIK. On 12/1/05, jame tong <jametong@xxxxxxxxx> wrote: > > you can use logon triggers to record the context of the logon event. > >