Monitor unsuccessful logins

//specify that you want to audit the unsuccessful loging
audit create session whenever not successful;

//create new tablespace, which will contain aud$_backup table
CREATE TABLESPACE AUDIT_DATA DATAFILE
  'M:\ORADATA\CDM4\audit_data_001.dbf' SIZE 10M AUTOEXTEND OFF
LOGGING
PERMANENT
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M
BLOCKSIZE 8K
SEGMENT SPACE MANAGEMENT MANUAL;
//create table to contain contain information from sys.aud$ table
CREATE TABLE SYSTEM.AUD$_BACKUP TABLESPACE AUDIT_DATA
AS SELECT * FROM SYS.AUD$
WHERE 1=2;

// Create a procedure that moves the rows from SYS.AUD$ to SYSTEM.AUD$_BACKUP

CREATE OR REPLACE PROCEDURE MOVE_AUD_LOG
IS
  rowCount NUMBER;
BEGIN
  SELECT COUNT(*) INTO rowCount FROM sys.aud$ ;
  IF rowCount > 0
  THEN
    COMMIT;
    INSERT /*+ APPEND */ INTO SYSTEM.aud$_bu (SELECT * FROM sys.aud$);
 COMMIT;
     EXECUTE IMMEDIATE 'truncate table sys.aud$';
    sys.Dbms_System.ksdwrt (3,'ORA-AUDIT TRAIL: rows moved from SYS.AUD$ to SYSTEM.AUD$_BU');
  END IF;
END MOVE_AUD_LOG;
/

// Execute the procedure every day at midnight as a job

DECLARE
  X NUMBER;
BEGIN
  SYS.DBMS_JOB.SUBMIT
    (
      job        => X
     ,what       => 'SYS.MOVE_AUD_LOG;'
     ,next_date  => TO_DATE('12/09/2012 12:00:00','dd/mm/yyyy hh24:mi:ss')
     ,INTERVAL   => 'TRUNC(SYSDATE+1)'
     ,no_parse   => FALSE
    );
END;
/