Enabling or Disabling the Standard Audit Trail

Before you perform the standard auditing procedures described in this section, you must enable standard auditing. When you enable standard auditing, you can create the audit trail in the database audit trail or write the audit activities to an operating system file. If you write to an operating system file, you can create the audit record in text or XML format.

To enable or disable the standard audit trail:  

1. Start Database Control.

2. Log in as SYS and connect with the SYSDBA privilege.

   • User Name: SYS

   • Password: Enter your password.

   • Connect As: SYSDBA

3. Click Server to display the Server subpage.

4. In the Database Configuration section, click Initialization Parameters.

   The Initialization Parameters page appears.

5. Click SPFile to display the SPFile subpage.

   If the SPFile tab does not display in your installation, then you did not install Oracle Database using a server parameters file. Go to the next step.

6. In the Name field, enter audit_trail to find the AUDIT_TRAIL parameter, and then click Go.

   You can enter the first few characters of the parameter, for example, AUDIT_. Alternatively, you can scroll down the list of parameters to find the AUDIT_TRAIL parameter.

7. In the Value field, select one of the following values:

   • DB: Enables database auditing and directs all audit records to the database audit trail (SYS.AUD$), except for records that are always written to the operating system audit trail. (This value is the default if you created the database using Database Configuration Assistant. Otherwise, the default is NONE.)

   • OS: Enables database auditing and directs all audit records to an operating system file. Writing the audit trail to operating system files is better for performance instead of sending the audit records to the SYS.AUD$ table. If the auditor is distinct from the database administrator, you must use the operating system setting. Any auditing information stored in the database is viewable and modifiable by the database administrator.

     To specify the location of the operating system audit record file, set the AUDIT_FILE_DEST initialization parameter. The default directory is $ORACLE_HOME/rdbms/audit.

   • NONE: Disables standard auditing.

   • DB, EXTENDED: Performs all actions of the AUDIT_TRAIL=DB setting and also populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, when available. (These two columns are populated only when this parameter is specified.)

   • XML: Writes to the operating system audit record file in XML format. Prints all elements of the AuditRecord node except Sql_Text and Sql_Bind to the operating system XML audit file.

   • EXTENDED: Specifies XML, EXTENDED, which performs all actions of XML and also populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, wherever possible. (These columns are populated only when this parameter is specified.)

8. Click Apply.

9. Restart the Oracle Database instance:

   1. Click the Database Instance link.

   2. Click Home to display the Database Control home page.

   3. Under General, click Shutdown.

   4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Shutting Down and Starting Up Using Oracle Enterprise Manager Database Control for more information.

   5. After the shutdown completes, click Startup.

Note the following:

• You do not need to restart the database if you change the auditing of objects. You only need to restart the database if you made a universal change, such as turning on or off all auditing or changing the destination of the audit trail operating system files.

• You do not need to set AUDIT_TRAIL to enable either fine-grained auditing or SYS auditing. (SYS auditing enables you to monitor the activities of a system administrator. See Oracle Database Security Guide for more information.) For fine-grained auditing, you add and remove fine-grained auditing policies as necessary, applying them to the specific operations or objects you want to monitor. You can use the AUDIT_SYS_OPERATIONS parameter to enable and disable SYS auditing.