Well, I'm answering my own question. (golly you guys are boring on a Friday afternoon) You must add audit system audit by access whenever successful; So, Ron, hopefully your original question is now answered. Barb On 6/17/05, Barbara Baker <barb.baker@xxxxxxxxx> wrote: > Version? > Starting in version 9, setting audit_sys_operations to true will > output the info to the audit_dest directory for SYS. (Hopefully user > SYS is not being used unless critical. The SYS user does not seem to > show up in the audit trail at all, so audit_sys_operations is the only > way I know to capture this.) > > For users other than sys . . . > > Pete Finnigan's "Oracle Security Step-by-Step" says > protect the audit trail with AUDIT ALL ON SYS$AUD$ BY ACCESS; > > I issued this AUDIT ALL audit command in my 9.2.0.4 database, and as > user BARB (who was granted dba role) I tried > selecting from the audit trail > changing an audit parameter > > The select from this user shows up in the audit trail. The change > does not. I find this very odd. I tried "audit trigger", and "audit > delete on schema.table" as user BARB. I would assume that changing > the audit parameter would be an update to the AUD$ table. But the > audit trail does not show this update. > > > We have Oracle auditing turned on, but I am wondering how to track > > changes made to the Audit Parameters. We want to know if someone makes > > a change to the parameters. > > Thanks! > > Ron > > > -- //www.freelists.org/webpage/oracle-l