Received: by 10.180.87.170 with SMTP id az10mr2112684wib.0.1352352916421;
        Wed, 07 Nov 2012 21:35:16 -0800 (PST)
Date: Sun, 04 Nov 2012 11:34:18 +0100
From: "Gerard H. Pille" <g...@skynet.be>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120715 Firefox/14.0.1 SeaMonkey/2.11
MIME-Version: 1.0
Newsgroups: comp.databases.oracle.server
Subject: Re: Identify user with incorrect password locking the database
References: <e7fc3536-07ed-40d2-a740-e0ebe2514736@googlegroups.com>
In-Reply-To: <e7fc3536-07ed-40d2-a740-e0ebe2514736@googlegroups.com>
Lines: 6
Message-ID: <509644aa$0$3112$ba620e4c@news.skynet.be>
Organization: -= Belgacom Usenet Service =-
NNTP-Posting-Host: 32311d37.news.skynet.be
X-Trace: 1352025258 news.skynet.be 3112 91.181.156.179:10993
X-Complaints-To: usenet-abuse@skynet.be
Path: ha8ni167487wib.1!nntp.google.com!feeder1.cambriumusenet.nl!194.109.133.85.MISMATCH!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!newspeer1.nac.net!border4.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!news.mccarragher.com!news.grnet.gr!goblin3!goblin2!goblin.stu.neva.ru!feeder2.cambriumusenet.nl!feed.tweaknews.nl!195.238.0.231.MISMATCH!news.skynet.be!195.238.0.222.MISMATCH!newsspl501.isp.belgacom.be!tjb!not-for-mail
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

rexnfx...@gmail.com wrote:
> I've recently changed the password on my database. Now the database keeps getting locked out from some program that's using the old credentials. There were a lot of client programs that used the same credentials. Is there any way to track down the offending program and which machine this is originating from? We've already changed our lockout policy as much as we can given company policy.
> Thanks,
>

I'd check the listener logs for starters.