WebLogic Auditing Provider Not Logging the <USERLOCKED> Event (Doc ID 2699117.1)

Last updated on OCTOBER 17, 2023

Applies to:

Oracle WebLogic Server - Version 10.3.6 to 12.2.1.4.0
Information in this document applies to any platform.

Symptoms

<USERLOCKED> Audit Event is not getting logged in the Audit logs .

Steps followed:

1) Login to console--security realms---my realm-- Providers -- Auditing --Create new Auditing provider
2) Click on the new Auditing provider ---configuration---Provider Specific---this page has options to configure auditing log rotation / severity
3) After this configuration restart the WebLogic admin server and try to login to the console with wrong password .

By default 5 consecutive invalid login attempts will lock the user after which you should see the below message in the Audit logs:

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

WebLogic Auditing Provider Not Logging the <USERLOCKED> Event (Doc ID 2699117.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!