AUDIT_TRAIL Set to DB (DB,EXTENDED) yet Some Audited Entries for non-Sysdba Users Are Created in the OS Trail.
Last updated on NOVEMBER 21, 2017
Applies to:Oracle Database - Enterprise Edition - Version 220.127.116.11 and later
Information in this document applies to any platform.
Checked for relevance on 13-MAR-2013
The audit_trail is set to DB or even DB,EXTENDED, however, in the audit_file_dest directory there can be found files holding entries that are not created by SYS.
The AUDIT_SYS_OPERATIONS is set on TRUE.
NAME TYPE VALUE
audit_file_dest string <some directory>
audit_sys_operations boolean TRUE
audit_trail string DB, EXTENDED
Audit entries are clearly not created by SYS:
ACTION : ' SELECT st.name, st.address, st.protocol FROM "BET"."AQ$_SLIP_SUGGESTION_AQ_TABLE_S" st WHERE queue_name = :1 AND (bitand(st.subscriber_type, 1) = 1) ORDER BY st.name '
DATABASE USER: 'SOMEUSER'
PRIVILEGE : 'NONE'
CLIENT USER: ''
CLIENT TERMINAL: 'unknown'
The database has been upgraded to 10.2.0.5, 18.104.22.168 or 11.2
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms