This content has been marked as final. Show 7 replies
Are you accessing as sysdba?
Also see http://psoug.org/reference/auditing.html
An audit files are created every time you login as user SYS. The are located in $ORACLE_HOME/rdbms/audit.1 person found this helpful
You can clean out old files without problem if necessary. For instance, using a cron entry as user Oracle that deletes audit files older than 1 month:
30 0 * * * find /u01/app/grid/11.2.0/grid/rdbms/audit -maxdepth 1 -name '*.aud' -mtime +30 -delete >/dev/null 2>&1
No i connect as myself.
Thank You. your suggestion is useful, but is there a way to stop it from creating. i am looking for some disable option on the Grid Control.
Please show us one of the aud files. Perhaps your sysman login (or whatever your version uses) is sysdba, rather than you.
i have trimmed the query in the middle, i did not run the query, i am sure it is from OEM.
Edited by: dbmechanic on Nov 20, 2012 6:05 PM
$more xims_ora_25539_1.aud Audit file /oracle/app/oracle/audit/xims_ora_25539_1.aud Oracle Database 11g Enterprise Edition Release 22.214.171.124.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options ORACLE_HOME = /oracle/app/oracle/product/126.96.36.199/db1 System name: SunOS Node name: jpmcqa98 Release: 5.10 Version: Generic_99999 Machine: sun4u Instance name: xims Redo thread mounted by this instance: 1 Oracle process number: 610 Unix process pid: 25539, image: oracle@jpmcqa98 Tue Nov 20 15:24:01 2012 -05:00 LENGTH : '8052' ACTION : 'SELECT event, wait_class, dim_percentage, dim_act_sessions FROM (SELECT event, wait_class ,....<<<<TRIMMED FOR BREVITY>>>(:ash_module IS NULL OR module like :ash_module) AND (:ash_action IS NULL OR action like :ash_action) AND (:ash_client_i d IS NULL OR client_id like :ash_client_id) AND (:ash_plsql_entry IS NULL OR ( (unified_ash.dbid, unified_ash.plsql_entry_object_id , unified_ash.plsql_entry_subprogram_id) IN (select d.dbid, object_id, subprogram_id from ( select object_id, subprogram_id, object_type, owner, object_name, procedure_name, overload from dba_procedures ) plsname1, v$database d where dbms_ash_internal.format_plsq l(plsname1.owner, plsname1.object_name, plsname1.object_type, plsname1.procedure_name, plsname1.overload) like :ash_plsql_entry) ) ) ) a WHERE 1 = 1 and session_type = 'FOREGROUND' GROUP BY event, wait_class ) ash WHERE ash.dim_percentage >= 1 AND ash.dim_rank <= 5 ORDER BY ash .dim_rank' DATABASE USER: 'klyde' PRIVILEGE : 'NONE' CLIENT USER: 'NET8/klyde' CLIENT TERMINAL: 'pts/3' STATUS: '0' DBID: '1016814029'
Hmmm, I'm not up on ASH security, but the user must have something granted to see it (or maybe ASH does something to public). I'd say ask support if it is a bug, maybe someone more up on that stuff can help. Perhaps the em forum could help more. Did you say you have enterprise edition with the diagnostic license?