게시글 보기
작성자 유건데이타 등록일 2016-10-17
제목 audit를 db쪽으로 설정후 파일이 o/s 로 떨어지는 경우
원래 connect shutdown startup 은 os로 떨어진다

AUDIT_SYS_OPERATIONS Set To FALSE Yet Audit Files Are Generated (문서 ID 308066.1)

Oracle Server - Enterprise Edition - Version to [Release 9.2 to 11.2]
Information in this document applies to any platform.
Checked for relevance on 11-Sep-2010


Users find audit file are generated at Audit_File_Dest location. They can see database instance has the following setting .

1. audit_sys_operations=FALSE
2. audit_file_dest=/oracle10g/10.1.0/rdbms/audit
3. audit_trail=NONE

Although the audit_sys_operations is set to FALSE, the audit files were still been generated audit_file_dest.

AUDIT FILE ( *.aud ) output includes

Wed May 4 09:23:30 2005
CLIENT USER: oracle10g


Expected behavior. Regardless of whether database auditing is enabled, Oracle always audits certain database-related operations and writes them to the operating system audit file.


These operations include the following operations are audited:

Connections to the instance with administrator privileges

An audit record is generated that lists the operating system user connecting to Oracle as SYSOPER
or SYSDBA. This provides for accountability of users with administrative privileges. Full auditing
for these users can be enabled as explained in "Auditing Administrative Users".

Database startup

An audit record is generated that lists the operating system user starting the instance, the user's terminal identifier, the date and time stamp, and whether database auditing was enabled or disabled. This is stored in the operating system audit trail because the database audit trail is not available until after startup has successfully completed. Recording the state of database auditing at startup helps detect when an administrator has restarted a database with database auditing disabled (thus enabling the administrator to perform unaudited actions).

Database shutdown

An audit record is generated that lists the operating system user shutting down the instance, the
user's terminal identifier, and the date and time stamp.

등록된 코멘트가 없습니다.