Greetings, I have used the following steps to track the users with failed login. Step 1: Change the initialization parameter audit_trail to be: audit_trail=db, bounce the database Step 2: connect to the database as a user that has the privilege "AUDIT SYSTEM" (both SYS and SYSTEM has this privilege) SQL> audit session whenever not successful; Step 3: At this point we can see these unsuccessful logins by monitoring the 'dba_audit_trail' view Note :If we want to disable this tracking then we can use SQL> noaudit session whenever not successful; Note: This auditing does not get disabled by bouncing the database. Thanks, Ashoke -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Drake Sent: Monday, August 15, 2005 1:03 PM To: mschmitt@xxxxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: Username with failed login On 8/15/05, Mike Schmitt <mschmitt@xxxxxxxxxxxx> wrote: > > Hi All, > > I am trying to catch failed login attempts by using an after > servererror database trigger. We would like to be able to catch the > username that is being provided with these attempts, but so far I haven't had any luck. > > Is is possible to capture the name that was provided as part of the > logon attempt and record that information, or do we have to use a > different method? > > The edited trigger/proc we are using look like the following (We are > using > 9.2.0.4): > > Mike, Instead of coding this by hand, why not just leverage the provided functionality? SQL> show parameter audit_trail NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ audit_trail string TRUE SQL> audit session whenever not successful; Audit succeeded. SQL> connect notauser/notmypass@mydb ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE. after reconnecting with a prvileged account: 1 select username, userhost, returncode 2 from dba_audit_session 3 where timestamp>sysdate-1/24 4* and username='NOTAUSER' SQL> / USERNAME USERHOST RETURNCODE --------------- ------------------------------ ---------- NOTAUSER MYDOMAIN\MYDESKTOP 1017 hth. Pd -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l