- Run SQL Developer and connect to your Oracle Database as SYSDBA.
- Check to see whether auditing is enabled and an audit trail is being written to a database table by executing the following command in SQL Developer:
show parameter audit_trail
- If auditing is not enabled, run the following command in SQL Developer:
audit_trail="true"Then restart your database.
- To record unsuccessful logons, run the following command in SQL Developer:
audit session whenever not successful;After you execute this command, all failed logon attempts will be directed to the database audit trail (the SYS.AUD$ table).
- To find failed logon attempts, execute the following script in SQL Developer:
- Run Netwrix Auditor → Navigate to Reports → Oracle Database → Select "Failed Activity" → Click "View" → in the "Actions" filter select only "Failed Logons'.
Enable Oracle Audit of Failed Login Attempts to Shield Your Sensitive Data
Netwrix Auditor for Oracle Database provides complete visibility into and control over changes and access events in Oracle Database, including auditing of successful and failed logon attempts. A broad set of comprehensive predefined reports includes the “Failed Activity” report for Oracle Database, which enables you to easily audit failed login attempts. This report gives you all the critical who-what-when-where details about failed activity you need to streamline auditing of failed logons and minimize the risk of a security breach. Plus, you can store your complete Oracle Database audit trail for years in the cost-effective two-tiered (SQL database + file-based) storage.