Weblogic Auditing Provider Not Logging the <USERLOCKED> Event
(Doc ID 2699117.1)
Last updated on AUGUST 13, 2020
Applies to:Oracle WebLogic Server - Version 10.3.6 to 184.108.40.206.0
Information in this document applies to any platform.
<USERLOCKED> Audit Event is not getting logged in the Audit logs .
1) Login to console--security realms---my realm-- Providers -- Auditing --Create new Auditing provider
2) Click on the new Auditing provider ---configuration---Provider Specific---this page has options to configure auditing log rotation / severity
3) After this configuration restart the weblogic admin server and try to login to the console with wrong password .
By default 5 consecutive invalid login attempts will lock the user after which you should see the below message in the Audit logs:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document