1 Reply Latest reply on Jan 1, 2018 11:15 AM by Kishore_Reddy

How to enable audit_trail in Oracle 11g?

Praveen Kamble Jul 24, 2017 11:28 AM

Dear Team,

We are collecting audit logs from Oracle 11g (11.2.0.4.0) into a syslog server/SIEM solution for log monitoring and analysis.

For this we need to edit the parameter audit_trail to os,db etc.

But unfortunately, we are unable to find the file initORACLE_SID.ora, in which the audit_trail parameter is edited.

This file is missing in Oracle 11g.

Also, we tried to run the command - alter system set audit_trail=os scope=spfile;

after running this command, we are getting error - "insufficient privileges", where as we are logging in as admin, sysdba.

Attaching the screenshot below:

Can i request your help here in the above 2 scenarios.

I am from security background, need your help on the database part. Would be much appreciated.

Best Regards,

Praveen Kamble

1. Re: How to enable audit_trail in Oracle 11g?

Kishore_Reddy Jan 1, 2018 11:15 AM (in response to Praveen Kamble)

Hi Praveen,

You can set the database initialization parameter AUDIT_TRAIL to DB or OS for enabling auditing. The DB setting means the audit trail records are stored in the database in the SYS.AUD$ table. OS will send the audit trail records to an operating system file. The OS setting is operating system-dependent and is not supported on all operating systems.

SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;

System altered.

SQL> SHUTDOWN
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> STARTUP
ORACLE instance started.

Total System Global Area 289406976 bytes
Fixed Size                  1248600 bytes
Variable Size              71303848 bytes
Database Buffers          213909504 bytes
Redo Buffers                2945024 bytes
Database mounted.
Database opened.
SQL>
Like Show 2 Likes(2)

Actions

Join the world’s largest interactive community dedicated to Oracle technologies.