Standard Database Auditing

Oracle Database provides robust audit support in both the Enterprise and Standard Edition of the database. Audit records include information about the operation that was audited, the user performing the operation, and the date and time of the operation. Audit records can be stored in the database audit trail or in files on the operating system. Standard auditing includes operations on privileges, schemas, objects, and statements.

Oracle recommends that the audit trail be written to the operating system files as this configuration imposes the least amount of overhead on the source database system. To enable database auditing, the initialization parameter, AUDIT_TRAIL, should be set to one of these values:

In addition, the following database parameters should be set:

• Init.ora parameter: AUDIT_FILE_DEST — Dynamic parameter specifying the location of the operating system audit trail. The default location on Unix/Linux is $OH/admin/$ORACLE_SID/adump. The default on Windows is the event log. For optimal performance, it should refer to a directory on a disk that is locally attached to the host running the Oracle instance.
• Init.ora parameter: AUDIT_SYS_OPERATIONS — Enables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges. The audit trail data is written to the operating system audit trail. This parameter should be set to true.

For more information and best practices on Oracle Database Auditing please read the best practices paper on the Oracle Audit Vault OTN page. Detailed information on database auditing can be found in the introductory Oracle Database 2 Day + Security Guide and the Oracle Database Security Guide.