1 Reply Latest reply: Aug 23, 2012 8:10 AM by SherrieK RSS

    DBA_AUDIT_SESSION failed login for username that does now exist

      When reviewing failed login attempts with this query:

      SELECT username, os_username, userhost, terminal, to_char(timestamp,'dd-mon-rrrr hh:mi:ss')
      FROM sys.dba_audit_session
      WHERE returncode != 0
      and trunc(timestamp) >= trunc(sysdate-1)
      ORDER BY 5

      I find some records for a username that does not exist. In any of my databases. I presume that if an attempt to a nonexistent user was made, it would be rejected before it gets to the db. But then again, a bad password would also be rejected.

      I can't seem to find information about this anywhere. Anyone have any experience with this?