Steps to enable user login auditing

 Steps to enable user login auditing:

Set the audit trail to "DB" (database level). You can do this in sqlplus or through any SQL tool you use to connect to the database.

ALTER SYSTEM SET audit_trail = 'DB' SCOPE = SPFILE;

This ensures that the audit trail is written to the database and will be available for querying later. 

You'll need to restart the database after running this command for the change to take effect.

2. Audit only user login activities: Use the following command to enable auditing specifically for login events:

AUDIT SESSION;

This will audit all login attempts (successful and failed) for all users. If you want to restrict auditing to only specific users, you can specify a user as follows:

AUDIT SESSION BY scott;

audit login attempts by a particular user or a set of users:

AUDIT SESSION BY user1, user2;

If you modified the audit_trail parameter, restart the database for the changes to take effect:

SHUTDOWN IMMEDIATE;

STARTUP;

Verifying the Audit Setup:

After setting the audit configuration, you can check the audit settings and verify if auditing is enabled by querying the DBA_AUDIT_TRAIL view:

SELECT * FROM DBA_AUDIT_TRAIL WHERE ACTION_NAME = 'LOGON';

This will show you the login-related audit entries.