2 Replies Latest reply: Jun 15, 2012 10:36 AM by Rasheed_ RSS

    Audit Enable on database

      Can Any body tell what will be impact of Audit all option . I will be doing below steps to enable auditing on 9i and 10g database.

      1. Audit_trail=db
      2. Audit_sys_operations=true
      3 . Audit all .

      Please let me what all the action will be audited. which all user will be audit .

      Thanks in Advance ..!
        • 1. Re: Audit Enable on database
          Just to make it clear: this is not an Audit Vault issue.

          We can't tell the impact, once we don't know about your database.

          When you set to 'audit all', you are auditing all objects and all users in the database.

          Check this:

          When you set Audit_trail=db, you choose to record the audits in a table called aud$, and it has a lot of views:
          Check this

          When you set 'Audit_sys_operations=true' means that you are auditing sys user as well.

          Hope that helps.

          Edited by: BSalesRashid on 15/06/2012 06:15
          • 2. Re: Audit Enable on database
            1- audit_trail=db set all non sys audit record to data dictionary
            (eg : aud$ but, sql_bind,sql_text columns of aud$ will not be populated if you set audit_trail=db, if required this audit info also then
            set audit_trail=db_extended or db,extended )

            2 - Audit_sys_operations=true will audit sys user activities and will be recorded in audit file located at audit_file_dest

            3- SQL>Audit all; start audit all successful connected session ( audit record to respective datadictiories eg :dba_audit_session)

            Note:all activities that are not audited when you specify Audit All,
            so better to go for specific audit option(eg:SQL>audit delete on <tab> by access) to make sure that activities on obj audited