When reviewing failed login attempts with this query:
SELECT username, os_username, userhost, terminal, to_char(timestamp,'dd-mon-rrrr hh:mi:ss')
WHERE returncode != 0
and trunc(timestamp) >= trunc(sysdate-1)
ORDER BY 5
I find some records for a username that does not exist. In any of my databases. I presume that if an attempt to a nonexistent user was made, it would be rejected before it gets to the db. But then again, a bad password would also be rejected.
I can't seem to find information about this anywhere. Anyone have any experience with this?