Audit analysis without SQL

Use the onshowaudit utility to extract data for audit analysis. This utility can perform some basic filtering such as user or database server name. You can then send the extracted data to standard output (for example, your screen) and use UNIX™ utilities such as grep, sed, and awk or Windows™ utilities to analyze it. You can also put the data in a database and analyze it with SQL, as the next section describes.

Only the AAO can run onshowaudit. If role separation is not enabled, user onedb is the AAO. (Superuser root on UNIX is always an AAO.) Because disclosure of audit records represents a security threat, only the AAO must read the extracted records.

For example, the following command extracts audit records for the user pat from an audit file named laurel.12, on UNIX, and sends the audit records to standard output:

onshowaudit -I -f laurel.12 -u pat

The command-line syntax for how to extract information with onshowaudit is explained in The onaudit utility: Configure audit masks.