Audit files
Rajeshwaran Jeyabal, October 03, 2017 - 2:37 pm UTC
Team:
I am on 12.2 and dont see any files in the ADUMP directory.
demo@ORA12C> show parameter audit_file_dest
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string D:\APP\VNAMEIT\VIRTUAL\ADMIN\O
RA12C\ADUMP
demo@ORA12C> $dir D:\APP\VNAMEIT\VIRTUAL\ADMIN\ORA12c\adump
Volume in drive D is DATA
Volume Serial Number is 50D3-A8AC
Directory of D:\APP\VNAMEIT\VIRTUAL\ADMIN\ORA12c\adump
03/18/2017 01:30 PM <DIR> .
03/18/2017 01:30 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 239,924,244,480 bytes free
demo@ORA12C>
do i need to set something to get this audited?
October 05, 2017 - 4:13 pm UTC
On windows, by default, they will go into the Windows event log.
Other possibilities
- Do you have unified audit ?
- audit_sys_operations not set
You can change audit trail to "XML" if you want to override this.
Alex, October 05, 2017 - 8:28 pm UTC
What a crazy situation/requirement this is. Tom is rolling over in his retirement hammock. I would look at what accounts have permission to shutdown (it should be no one....), and change the SYS password.
Man talk about the wild west.
October 06, 2017 - 5:33 am UTC
Yes I was biting my tongue :-)
Sadly we got lots of questions along these lines (I should blog about it)
"Who dropped this table"
"Who shut my database"
"Who modified this data"
which ultimately all lead to ...
"Who hacked my database"