You could do something simple like this for auditing failed logins... AUDIT CONNECT WHENEVER NOT SUCCESSFUL; Then you could come back and have a look at the failures by doing a select against dba_audit_trail where returncode=1017. This has been very valuable when asked why accounts are being locked out. ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Sweetser, Joe Sent: Monday, March 22, 2010 12:08 PM To: cemail_219@xxxxxxxxxxx; oracle-l@xxxxxxxxxxxxx Subject: RE: Account lock time May not apply to your situation but if you recently upgraded from 9i, the default profile has changed from allowing unlimited login failures to locking the account after 20 failures. I have hit this issue in the past when, for instance, an old script had an old password it in and cron had been happily scheduling it day after day; hour after hour. It actually turned out to be a great way to find stuff like that in an inherited environment. But we scratched our heads for awhile trying to figure out "who" was locking the account once/day. :) -joe From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of J. Dex Sent: Monday, March 22, 2010 9:42 AM To: oracle-l@xxxxxxxxxxxxx Subject: RE: Account lock time Thanks for the info. It looks like this works if the account is still locked. Unfortunately, the account was already unlocked and now they are trying to find out when/who locked it. Is there a table/column that would tell when/who locked it or do you have to find a table/column that lists unsuccessful attempts multiple times, or what? Seems to be a lot of different audit tables. Not sure what the best way is to find out when it was last locked and who did it once the account has been unlocked. ________________________________ Subject: RE: Account lock time Date: Mon, 22 Mar 2010 16:04:40 +0100 From: jo.holvoet@xxxxxxxxxxxxx To: cemail_219@xxxxxxxxxxx; oracle-l@xxxxxxxxxxxxx Dba_users.lock_date will tell you; this maps back to column ltime in sys.user$. mvg, Jo ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of J. Dex Sent: maandag 22 maart 2010 15:57 To: oracle-l@xxxxxxxxxxxxx Subject: Account lock time Is it possible to tell what day/time a particular account is locked? The database is 10.2.0.4 ________________________________ Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. Sign up now.<http://www.windowslive.com/campaign/thenewbusy?ocid=PID27925::T:WLMTAGL:ON:WL:en-US:WM_HMP:032010_2> ________________________________ Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign up now.<http://clk.atdmt.com/GBL/go/210850552/direct/01/>