We are using Oracle 10g and we enabled the auditing,
NAME TYPE VALUE
audit_sys_operations boolean TRUE
audit_trail string DB
But we are not getting all users login information in DBA_AUDIT_TRAIL and sys.aud$.
There are information for some users but not for all users. Is it mean that other user are not audited.
How do we find user list which are currently audited.
Did you bounce your database - the auditing parameters require a restart to take effect. Also, some users are excluded from auditing by design. You’d have to read the Oracle docs for explanation and clarification. Maybe that’s what you’re seeing?
Here are some examples from the docs:
Connections over DB links are not audited. A local Oracle node cannot audit actions that take place in a remote database.
Some accounts are not audited by default. Operations by the SYS user and by users connected through SYSDBA or SYSOPER can be fully audited with the AUDIT_SYS_OPERATIONS initialization parameter.
Again - see what connections you’re not getting to audit and check the docs.