SQL> audit session whenever not successful; Audit succeeded. SQL> conn asdf/asdf ERROR: ORA-01017: invalid username/password; logon denied SQL> conn / as sysdba Connected. SQL> select * from (select username, action_name, returncode from dba_audit_trail 2 order by timestamp desc) where rownum <= 1; USERNAME ACTION_NAME RETURNCODE ------------------------------ ---------------------------- ---------- ASDF LOGON 1017 Thanks, Timur Akhmadeev -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Martin Klier Sent: Friday, July 31, 2009 17:53 To: 'oracle-l@xxxxxxxxxxxxx' Subject: How to log attempts to connect as a locked user account Dear list, I want to design poor man's auditing for one single case: My user accounts are locked, and I want to log the connection attempts. But since there is no BEFORE LOGON ON DATABASE trigger (for rather obvious reasons). (Background info: Decommissioning of a test database: I want to find ancient jobs or autistic developers that don't complain, before dropping the storage there.) Is there any best practice for this? I'm using 9i, 10g and 11g. Thanks for any response Martin Klier -- Usn's IT Blog for Linux, Oracle, Asterisk http://www.usn-it.de -- //www.freelists.org/webpage/oracle-l The information transmitted herein is intended only for the person or entity to which it is addressed and may contain confidential, proprietary and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.