By using standard auditing, operations performed against database objects by sys
or users with sysdba
and sysoper
privileges are not audited. Only details about logon including the terminal and the date are audited by mandatory auditing. This recipe will show you how to enable the audit for sys
users.
In a separate terminal open
/var/log/oracle_audit.log
with thetail –f
command. From a second terminal connect assysdba
and issue a count against thehr.employees
table:SQL> conn / as sysdba Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107
If you now look at
/var/opt/oracle_audit.log
you will see that nothing was recorded.Connect as
sysdba
and modifyaudit_sys_operation
totrue
as follows:SQL> alter system set audit_sys_operations=true scope=spfile;
Bounce the database.
Connect as
sysdba
and reissue the count againsthr.employees
:SQL...