Some user/application tried wrong password for more than ten times which locked the user account as per our policy. Auditing on logon/logout level enabled. We are able to track down the application server and ip address but not sure which application or user on that application server did that.
Is there any way to dig that out.
use this reference:
note 352389.1 Finding the source of failed login attempts.
it has some sample code for a trigger you can use, you can even let it hang in dbms_lock.sleep so you can check the client host for the application before it exits,
Harm ten Napel