I answered something similar a while back, see:
http://community.arubanetworks.com/t5/Network-Management/Airwave-Password-Recovery/m-p/34149/highlight/true#M351
------figured I'd copy my reply here------
Keep in mind that in AMP 8+, there's an additional column 'is_enabled' that should be set to 1. You may also need to reset 'login_attempts' as well (by default, the max login attempts is 10 tries before account is disabled).
# dbc "select * from users where username='admin';"
-[ RECORD 1 ]---+-------------------------------------------------------------------------------------------------------------------------------
id | 1
username | admin
password | 2cf94b0aea63ebf7bf41c90fe500603e
role_id | 5
full_name | admin
email | admin@blank.com
phone | 555-555-5555
notes |
password_format | md5
login_attempts | 0
is_enabled | 1
------and answering the rest of your question------
1) You can parse for login attempts on the /var/log/httpd/access_log
2) If 10 login attempts is not enough, you can set it to a higher value like so:
# dbc 'update seas_config set max_login_attempts=100'
Keep in mind that the more attempts allowed, the more open you allow the system to be against brute force attacks from the UI.
3) The users.login_attempts are reset after a successful login.
4) When users.login_attempts meets the value of seas_config.max_login_attempts, is_enabled is set to 0 which means the account is disabled and requires an admin user to reset (admin users can re-enable accounts from the AMP Setup -> Users page)