WebLogic Auditing Provider Not Logging the <USERLOCKED> Event
(Doc ID 2699117.1)
Last updated on OCTOBER 12, 2021
Applies to:Oracle WebLogic Server - Version 10.3.6 to 126.96.36.199.0
Information in this document applies to any platform.
<USERLOCKED> Audit Event is not getting logged in the Audit logs .
1) Login to console--security realms---my realm-- Providers -- Auditing --Create new Auditing provider
2) Click on the new Auditing provider ---configuration---Provider Specific---this page has options to configure auditing log rotation / severity
3) After this configuration restart the WebLogic admin server and try to login to the console with wrong password .
By default 5 consecutive invalid login attempts will lock the user after which you should see the below message in the Audit logs:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document