Statement\priviledge auditing is not returning expected results in audit trail. (NETIQKB33955)

fact
VigilEnt Security Agent for Oracle 1.x

fact
VigilEnt Security Agent for Oracle 2.0

fact
VigilEnt Audit Manager for Oracle 4.x

symptom
Statement\priviledge auditing is not returning expected results in audit trail.

cause
System privilege auditing is the selective auditing of the statements allowed using a system privilege. For example, auditing of the SELECT ANY TABLE system privilege audits users' statements that are executed using the SELECT ANY TABLE system privilege. You can audit the use of any system privilege.  In all cases of privilege auditing, owner privileges and schema object privileges are checked before system privileges. If the owner and schema object privileges will suffice to permit the action, the action will not be audited via system privilege auditing.  In sum, you will not get an audit for an event unless the event specifically requires the system privilege that you are trying to audit.  If Oracle is able to complete the action with a lower set of privileges (not system) then it will do so, and your expected audit will not occur.

fix

Issue the following command you will see what statement audting options are currently configured for your Oracle system by user account:

SELECT * FROM DBA_STMT_AUDIT_OPTS;

You can use a similar view for viewing the privilege audting options:

(DBA_PRIV_AUDIT_OPTS)

Formerly known as NETIQKB33955