Pando, I think you are mixing two auditing concepts: one is "SQL statement auditing" and other is "priviledge usage auditing". In your last post you are quoting statement auditing, while in your first post you are complaining about priviledge auditing not working.

Let's see:
audit drop any table by user1

not working
This is example of priviledge usage auditing. An audit trail record will be recorded only if the user1 will use drop any table system priviledge when droping the table. That means that if he drops one of his own tables the audit trail will not be created, because he doesn't need "drop any table" priviledge for that. So did you test this by droping a table from some other user's schema? It should write an audit trail.

audit drop any table

not working
Same as the abowe but this time valid for any user. Again audit trail is created only when table from someone elses schema is droped.

audit create table by user1

works
This is another type of auditing - statement auditing. This time audit trail will be created whenever user1 uses "drop table" statement, no matter if the table is in his own's schema or not.

I think you performed those DROPs and CREATEs on user's own schema, that is why it seemed that the first two are not working while the last one is.

There is one odd thing with DROP TABLE and TRUNCATE TABLE statement auditing. You can't specify any of those two actions to be audited explicitely (ORA-956), like you can with CRATE TABLE. So you can't use "AUDIT DROP TABLE;" command. You can only set auditing for DROP and TRUNCATE by isuing "AUDIT TABLE;", which incorporates CREATE, TRUNCATE and DROP. So by setting "AUDIT TABLE;" audit trial will be created whenever someone isues CREATE TABLE, DROP TABLE or TRUNCATE TABLE statement.

BTW, I just noticed one strange thing on my test DB (8.1.7.1.2). AUDIT_TRIAL is set to TRUE. When I started auditing logins/logoffs by isuing "AUDIT SESSION", every new session has been audited immediately. But if I use any other auditing command (like "AUDIT TABLE;"), the table statements ussage was not audited until I restarted the database. After that everything went normal and audit trail has started to reflect the changes. I found this to be true for every auditing statement, except for AUDIT SESSION. I haven't found anything regarding this unusual behaviour in the documentation, so I think this is a bug. Can anyone else reproduce this?