My Oracle Support Banner

AUDIT_TRAIL Set to DB (DB,EXTENDED) yet Some Audited Entries for non-Sysdba Users Are Created in the OS Trail. (Doc ID 1279934.1)

Last updated on FEBRUARY 27, 2019

Applies to:

Oracle Database - Enterprise Edition - Version 11.2.0.2 and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Information in this document applies to any platform.
Checked for relevance on 13-MAR-2013

Symptoms

The audit_trail is set to DB or even DB,EXTENDED, however, in the audit_file_dest directory there can be found files holding entries that are not created by SYS.
The AUDIT_SYS_OPERATIONS is set on TRUE.

SQL> show parameter audit

NAME TYPE VALUE
----------------------------------------
audit_file_dest string <some directory>
audit_sys_operations boolean TRUE
audit_trail string DB, EXTENDED


Audit entries are clearly not created by SYS:

LENGTH : '327'
ACTION :[172] ' SELECT st.name, st.address, st.protocol FROM "BET"."AQ$_SLIP_SUGGESTION_AQ_TABLE_S" st WHERE queue_name = :1 AND (bitand(st.subscriber_type, 1) = 1) ORDER BY st.name '
DATABASE USER:[7] 'SOMEUSER'
PRIVILEGE :[4] 'NONE'
CLIENT USER:[0] ''
CLIENT TERMINAL:[7] 'unknown'
STATUS:[1] '0'
DBID:[10] SOMEDBID00'

Changes

The database has been upgraded to 10.2.0.5, 11.1.0.7 or 11.2

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.