Question : How to log Audit Trail to operating system log files

I have successfully initiated auditing with the Audit_Trail initialization parameter set to 'DB'. The audit trail is written to the SYS.AUD$ table.

In Oracle Enterprise Manager, I connected to database as SYS with sysdba privileges
Go to Instance, Configuration
On right side of dialog, select button All Initialization Parameters
At Audit Trail paramter select None and change to DB
Hit apply button at bottom of dialag
Stop and start the database
Go to Security, Users
Select SYSTEM user
On right side of dialog, select System tab
Add Audit System privilege to user
start sqlplus and connect as system
issue the following sql statement: audit select, insert, update, delete on user.table_name by session;
connect as user;
select * from table_name;

connect as system user
issue the following:
select os_username,username,terminal,owner,obj_name,action_name,DECODE(Returncode,'0','Success',Returncode),TO_CHAR(Timestamp,'DD-MON-YYYY HH24:MI:SS') from DBA_AUDIT_OBJECT;

The select statement shows up in the query results.

However I would like to have the audit trail logged to a log file rather than to a table. I set the Audit_Trail parameter to 'OS' but could not find any log file anywhere that was being written to.

I am running Oracle 9.2.0.4 Enterprise Edition on Windows 2000 Server OS. Where is the audit trail logged when the Audit_Trail parameter is set to 'OS'?

Please provide me with specific file name and location.

Thanks

Dave

Answer : How to log Audit Trail to operating system log files

Here's what the Oracle9 documentation has to say on the subject, it looks like you need to look in Event Viewer. (I also run Oracle9.2.0.4 on Windows and have used auditing, but never tried the OS option. I created a different table to hold the audit records and wrote and scheduled a PL\SQL procedure to move the records periodically from SYS.AUD$ to my auditing table.)

Notes:
If your operating system supports an audit trail, then its location is operating system specific. For example, the Windows operating systems writes audit records as events to the application event log. You can view and manage these events using Event Viewer. You are not allowed to specify the AUDIT_FILE_DEST initialization parameter for Windows platforms. For more information, see Oracle9i Database Administrator's Guide for Windows.

Random Solutions

A program is trying to automatically send email on your behalf........

How to port GCC

ExchangeLogs Files Corrupt on same Databases errors: ntfs 55 , general 4001 8197 ,ESE 455

VPN set up between sites with the same IP subnet (192.168.1.0), can this work using the Check Point VPN client

identify owner of email address

Cursor problem when running Oracle stored procedure in TOAD

tempdb question / transaction log

Oracle - replace union query

Exchange 2003 as Backup Domain Controller

OWA 2000 Some Users Get HTTP 403 Forbidden Error