AUDIT_TRAIL Set to DB (DB,EXTENDED) yet Some Audited Entries for non-Sysdba Users Are Created in the OS Trail.
(Doc ID 1279934.1)
Last updated on FEBRUARY 27, 2019
Applies to:Oracle Database - Enterprise Edition - Version 18.104.22.168 and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Information in this document applies to any platform.
Checked for relevance on 13-MAR-2013
The audit_trail is set to DB or even DB,EXTENDED, however, in the audit_file_dest directory there can be found files holding entries that are not created by SYS.
The AUDIT_SYS_OPERATIONS is set on TRUE.
NAME TYPE VALUE
audit_file_dest string <some directory>
audit_sys_operations boolean TRUE
audit_trail string DB, EXTENDED
Audit entries are clearly not created by SYS:
ACTION : ' SELECT st.name, st.address, st.protocol FROM "BET"."AQ$_SLIP_SUGGESTION_AQ_TABLE_S" st WHERE queue_name = :1 AND (bitand(st.subscriber_type, 1) = 1) ORDER BY st.name '
DATABASE USER: 'SOMEUSER'
PRIVILEGE : 'NONE'
CLIENT USER: ''
CLIENT TERMINAL: 'unknown'
The database has been upgraded to 10.2.0.5, 22.214.171.124 or 11.2
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document