How to Check Failed Login Attempts in Oracle Database

Native Auditing vs. Netwrix Auditor for Oracle Database
{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Oracle Database
Native Auditing
Netwrix Auditor for Oracle Database
Steps
  1. Run SQL Developer and connect to your Oracle Database as SYSDBA.
  2. Check to see whether auditing is enabled and an audit trail is being written to a database table by executing the following command in SQL Developer:

show parameter audit_trail

  1. If auditing is not enabled, run the following command in SQL Developer:

audit_trail="true"

  1. Then restart your database.
  2. To record unsuccessful logons, run the following command in SQL Developer:

audit session whenever not successful; 

  1. After you execute this command, all failed logon attempts will be directed to the database audit trail (the SYS.AUD$ table).
  2. To find failed logon attempts, execute the following script in SQL Developer:

select 
   os_username,
   username,
   terminal,
   to_char(timestamp,'MM-DD-YYYY HH24:MI:SS')
from
   dba_audit_trail;

Failed_Login_Attempts_Native_Auditing
  1. Run Netwrix Auditor → Navigate to Reports → Oracle Database → Select "Failed Activity" → Click "View" → in the "Actions" filter select only "Failed Logons'.
Failed_Login_Attempts_Netwrix_Auditor
Learn more about Netwrix Auditor for Oracle Database

Enable Oracle Audit of Failed Login Attempts to Shield Your Sensitive Data

A certain number of failed logon attempts to your systems is to be expected during normal business operations. But an unusual flurry or steady growth of failed logon attempts can indicate that an attacker or malicious software is attempting to get inside your database by guessing user names and passwords. Enabling Oracle audit of user login attempts that weren’t successful will help you detect insider and outsider threats in time to safeguard your Oracle Database against unauthorized access and data breaches.


Netwrix Auditor for Oracle Database provides complete visibility into and control over changes and access events in Oracle Database, including auditing of successful and failed logon attempts. A broad set of comprehensive predefined reports includes the “Failed Activity” report for Oracle Database, which enables you to easily audit failed login attempts. This report gives you all the critical who-what-when-where details about failed activity you need to streamline auditing of failed logons and minimize the risk of a security breach. Plus, you can store your complete Oracle Database audit trail for years in the cost-effective two-tiered (SQL database + file-based) storage.

Related How-tos
How to Monitor User Logоns in a Domain How to Detect Who Created a User Account in Active Directory How to Detect Who Deleted a User Account in Active Directory How to Detect Every Active Directory User’s Last Logon Date How to Export Group Policy Settings in Minutes How to Check Active Directory User Login History