- Run SQL Developer and connect to your Oracle Database as SYSDBA.
- Check to see whether auditing is enabled and an audit trail is being written to a database table by executing the following command in SQL Developer:
show parameter audit_trail
- If auditing is not enabled, run the following command in SQL Developer:
- Then restart your database.
- To record unsuccessful logons, run the following command in SQL Developer:
audit session whenever not successful;
- After you execute this command, all failed logon attempts will be directed to the database audit trail (the SYS.AUD$ table).
- To find failed logon attempts, execute the following script in SQL Developer:
- Run Netwrix Auditor → Navigate to Reports → Oracle Database → Select "Failed Activity" → Click "View" → in the "Actions" filter select only "Failed Logons'.