Decipher audit trail files more easily by creating them in XML format (10.2)

Oracle can write audit information to a dictionary table or to a file. When it writes standard audit information to a file, the output is difficult to read and decipher.

For example, suppose you want to audit any updates to the SCOTT.EMP table. To do so:
1. Change the database parameter named audit_trail and bounce (restart) the database. The syntax is as follows:

alter system set

audit_trail = OS scope = spfile;

2. Configure the database to audit the update statements made on the table:

AUDIT UPDATE ON SCOTT.EMP;

Oracle stores the audit trail output in a file with an aud extension that looks like this:

Audit trail: SESSIONID: "859" ENTRYID: "2" STATEMENT: "7" USERID: "SCOTT" USERHOST: "CNETICS\KENNY-DESK" TERMINAL: "KENNY-DESK" ACTION: "103" RETURNCODE: "0" OBJ$CREATOR: "SCOTT" OBJ$NAME: "EMP" SES$ACTIONSss: "------S---------" SES$TID: "52556" OS$USERID: "CNETICS\ksmith"

To change the operating system audit files to an XML format, change the audit_trail parameter as before like this:

alter system set

audit_trail = XML scope = spfile;

Beginning in Oracle 10g Release 2, Oracle now writes the audit files in an XML format that various tools can help you read and manage much more easily.