No sanjay.....what i meant to say was whether u set it to
OS or not, anyway ORACLE is going to write into audit file
at the OS level...then what is the use of it ?
Auditing option allows you to collect some information related to DML, DLL, connections ... (Suspicious or normal Database Activity). You can store data collect in the database (in SYS.AUD$ table) or in an OS file (OS level).
Yes noor,
What i am trying to say is irrespective of setting it to OS or DB, audit files are always generated in the path specified by audit_file_dest.....
So what for is this audit_tria=OS....
Events Audited by Default
Regardless of whether database auditing is enabled, Oracle will always audit certain database-related actions into the operating system audit trail. These events include the following:
Instance startup
An audit record is generated that lists the OS user starting the instance, the user's terminal identifier, the date and time stamp, and whether database auditing was enabled or disabled. This is stored in the OS audit trail because the database audit trail is not available until after startup has successfully completed. Recording the state of database auditing at startup also prevents an administrator from restarting a database with database auditing disabled (so they can perform unaudited actions).
Instance shutdown
An audit record is generated that lists the OS user shutting down the instance, the user's terminal identifier, the date and time stamp.
Connections to the database with administrator privileges
An audit record is generated that lists the OS user connecting to Oracle as SYSOPER or SYSDBA, to provide accountability of users with administrator privileges.
Originally posted by sonia No sanjay.....what i meant to say was whether u set it to
OS or not, anyway ORACLE is going to write into audit file
at the OS level...then what is the use of it?
If you set AUDIT_TRAIL=OS whatever auditing you turn on, will be saved to OS files but if you set it to DB, the information will go to sys.aud$ (other than default audit, as pando mentioned)
Originally posted by pando itīs obvious you have not read the docs
quote:
Events Audited by Default
Regardless of whether database auditing is enabled, Oracle will always audit certain database-related actions into the operating system audit trail. These events include the following:
Instance startup
An audit record is generated that lists the OS user starting the instance, the user's terminal identifier, the date and time stamp, and whether database auditing was enabled or disabled. This is stored in the OS audit trail because the database audit trail is not available until after startup has successfully completed. Recording the state of database auditing at startup also prevents an administrator from restarting a database with database auditing disabled (so they can perform unaudited actions).
I'm starting to understand this aspect of auditing, but I don't see the information about whether auditing was disabled or enabled at startup in the audit file. The only I see in the audit record about the startup is this:
....
Wed Jan 5 12:34:24 2005
ACTION : 'STARTUP'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: jsmith
CLIENT TERMINAL: Not Available
STATUS: 0
...
So where's the info about auditing being on or off at startup??
Originally posted by dbbyleo I'm starting to understand this aspect of auditing, but I don't see the information about whether auditing was disabled or enabled at startup in the audit file. The only I see in the audit record about the startup is this:
....
Wed Jan 5 12:34:24 2005
ACTION : 'STARTUP'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: jsmith
CLIENT TERMINAL: Not Available
STATUS: 0
...
So where's the info about auditing being on or off at startup??
what your saw is exactly what pando is referring to
Reply With Quote
Bookmarks