Also, I tend to use AUD$ SQL queries for purposes other than security. I can get an idea of session connection times (between logon and logoff) for different apps. Sometimes there is a code or network issue where sessions logon and crash (no logoff). I can query for that. So the power of SQL is missed when I lose DB auditing. Doubling up on syslog and db would be great. Henry On Wed, Nov 6, 2013 at 12:14 PM, Andy Klock <andy@xxxxxxxxxxxxxxx> wrote: > On Wed, Nov 6, 2013 at 10:54 AM, David Robillard > <david.robillard@xxxxxxxxx> wrote: > > > Maybe a word of advice : IMHO I don't like using OS as the audit > > destination. I prefer to keep either DB or SYSLOG. If you use OS, you > will > > quickly fill up your file system with audit log files. Lots and lots of > them > > are generated rather fast. You then need OS level access to > > compress/backup/delete them. And as you probably know, a file system is a > > poor solution to handle lots of small files in the same directory. With > DB, > > you can stay within Oracle and manage them (i.e. purge the tables). But > with > > SYSLOG, you can then configure your syslog system to send them all to a > > central syslog machine where you manage all your logs. Ideally not only > your > > Oracle audit logs, but every logs in your organization (i.e. networking > > gear, storage systems, OS logs and application logs). Once on that > central > > syslog machine, you can beef up the disk space and have a dedicated log > > management team and software solutions. One central place to rule them > all > > :) > > > All great points. Thanks David. > -- > //www.freelists.org/webpage/oracle-l > > >