Hello,
auditor complained settings of audit parameters in oracle 11, especially audit_sys_operations=FALSE and audit_syslog_level=' '.
I found notes 1551504, 700548, 1963700, 1128663 etc with informations about technical configuration.
But I didn't found notes or links about the recommended setting by SAP and by advisors. Sometimes these recomendations differ, so that advisors recommend stronger security settings.
What are recommended settings for these audit parameters? Is it better to log auditfiles in database? Do logs have to be reported to the UNIX-syslog? And what is a good way to secure auditfiles in a folder, so that dbauser can still access for reading or creating?
Regards,
Julia