1 Reply Latest reply on Jan 1, 2018 11:15 AM by Kishore_Reddy

    How to enable audit_trail in Oracle 11g?

    Praveen Kamble

      Dear Team,


      We are collecting audit logs from Oracle 11g ( into a syslog server/SIEM solution for log monitoring and analysis.

      For this we need to edit the parameter audit_trail to os,db etc.


      But unfortunately, we are unable to find the file initORACLE_SID.ora, in which the audit_trail parameter is edited.

      This file is missing in Oracle 11g.


      Also, we tried to run the command - alter system set audit_trail=os scope=spfile;

      after running this command, we are getting error - "insufficient privileges", where as we are logging in as admin, sysdba.

      Attaching the screenshot below:



      Can i request your help here in the above 2 scenarios.

      I am from security background, need your help on the database part. Would be much appreciated.



      Best Regards,

      Praveen Kamble

        • 1. Re: How to enable audit_trail in Oracle 11g?

          Hi Praveen,


          You can set the  database initialization parameter AUDIT_TRAIL to DB or OS for enabling auditing. The DB setting means the audit trail records are stored in the database in the SYS.AUD$ table. OS will send the audit trail records to an operating system file. The OS setting is operating system-dependent and is not supported on all operating systems.


          SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;



          System altered.



          SQL> SHUTDOWN

          Database closed.

          Database dismounted.

          ORACLE instance shut down.

          SQL> STARTUP

          ORACLE instance started.



          Total System Global Area  289406976 bytes

          Fixed Size                  1248600 bytes

          Variable Size              71303848 bytes

          Database Buffers          213909504 bytes

          Redo Buffers                2945024 bytes

          Database mounted.

          Database opened.