Version? Starting in version 9, setting audit_sys_operations to true will output the info to the audit_dest directory for SYS. (Hopefully user SYS is not being used unless critical. The SYS user does not seem to show up in the audit trail at all, so audit_sys_operations is the only way I know to capture this.) For users other than sys . . . Pete Finnigan's "Oracle Security Step-by-Step" says protect the audit trail with AUDIT ALL ON SYS$AUD$ BY ACCESS; I issued this AUDIT ALL audit command in my 9.2.0.4 database, and as user BARB (who was granted dba role) I tried selecting from the audit trail changing an audit parameter The select from this user shows up in the audit trail. The change does not. I find this very odd. I tried "audit trigger", and "audit delete on schema.table" as user BARB. I would assume that changing the audit parameter would be an update to the AUD$ table. But the audit trail does not show this update. Anyone know why not?? ** objects current audit options enabled ** OWNER OBJECT_NAM OBJECT ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE ---------- ---------- ------ --- --- --- --- --- --- --- --- --- --- --- --- --- SYS AUD$ TABLE S/A A/A A/A A/A A/A A/A A/A A/A A/A A/A S/A -/- -/- AMAX AGENCIES TABLE -/- -/- -/- S/S -/- -/- -/- -/- -/- -/- -/- -/- -/- ** Audit Records from last 24 hours ** AACDGIILRSURE Action Obj Return luoernnoeepex USERID TIMEST Name Name Code tdmladscnldfe -------- ------------ ------------------- ------ ------------------- BARB 17-Jun 11:18 SELECT AUD$ 0 BARB 17-Jun 11:18 SELECT AUD$ 0 On 6/16/05, Smith, Ron L. <rlsmith@xxxxxxx> wrote: > We have Oracle auditing turned on, but I am wondering how to track > changes made to the Audit Parameters. We want to know if someone makes > a change to the parameters. > Thanks! > Ron > -- //www.freelists.org/webpage/oracle-l