Sure there's an easy way to do this. My minds gone blank.

Want to allow users 3 attempts to access the database then audit the failure and lock their account.

I was going to use a password profile for the 3 attempts and lock part but how to log it? Will a failed log in be written to SYS.AUD$

Hang on answering my own question here...USER_AUDIT_SESSION?

Anyone implemented this?