Once you’ve decided to enable some form of auditing, you next have to decide where the audit information will be stored. If the operating system supports an audit trail that’s stored outside the database, you can write the audit trail either directly to an operating system file or to the database.
INIT.ORA parameters control the auditing
Tells Oracle the directory name in which the audit trail is to be written. The default value for this parameter is $ORACLE_HOME/RDBMS/AUDIT.
Enables or disables auditing.
As a value for AUDIT_TRAIL, specify one of these values:
“NONE,” “OS,” or “DB.” If you
specify “NONE” (the default), no non-default auditing
will occur. If you specify “OS,” system-wide auditing
will be turned on and the results written to a file in the
AUDIT_FILE_DEST directory. The information
written to the operating system file will be encoded and is not
readable. If you specify “DB,” system-wide auditing will
be enabled and the results stored in the SYS.AUD$ table in the
sys schema in an unencoded, readable format.
Oracle supplies several views against the SYS.AUD$ table to make viewing of the audit information easier. Oracle-supplied tools, such as SQL*Plus, can be used to generate reports about the auditing outcome.
Because the SYS.AUD$ table is owned by sys, the values are stored in the system tablespace. High audit activity results in fragmentation of the system tablespace — not a good ...