Where to Audit
Once you’ve decided to enable some form of auditing, you next have to decide where the audit information will be stored. If the operating system supports an audit trail that’s stored outside the database, you can write the audit trail either directly to an operating system file or to the database.
Two INIT.ORA parameters control the auditing
actions:
- AUDIT_FILE_DEST
Tells Oracle the directory name in which the audit trail is to be written. The default value for this parameter is $ORACLE_HOME/RDBMS/AUDIT.
- AUDIT_TRAIL
Enables or disables auditing.
As a value for AUDIT_TRAIL, specify one of these values:
“NONE,” “OS,” or “DB.” If you
specify “NONE” (the default), no non-default auditing
will occur. If you specify “OS,” system-wide auditing
will be turned on and the results written to a file in the
AUDIT_FILE_DEST directory. The information
written to the operating system file will be encoded and is not
readable. If you specify “DB,” system-wide auditing will
be enabled and the results stored in the SYS.AUD$ table in the
sys schema in an unencoded, readable format.
Oracle supplies several views against the SYS.AUD$ table to make viewing of the audit information easier. Oracle-supplied tools, such as SQL*Plus, can be used to generate reports about the auditing outcome.
About the SYS.AUD$ Table
Because the SYS.AUD$ table is owned by sys, the values are stored in the system tablespace. High audit activity results in fragmentation of the system tablespace — not a good ...
Get Oracle Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
