Skip to main content

Audit Files Generated on Delphix Connected Systems (KBA1526)




KBA# 1526

Applicable Delphix Versions

This article applies to all versions of the Delphix Engine.


Oracle systems connected to a Delphix Engines have audit files generated in $ORACLE_HOME/rdbms/admin with the following naming scheme


These files will have similar content:

System name:       Linux
Node name:         rh73-ora-src
Release:           3.10.0-514.el7.x86_64
Version:           #1 SMP Wed Oct 19 11:24:13 EDT 2016
Machine:           x86_64
Storage:           ?
Instance name: delphix_sid
Redo thread mounted by this instance: 0 <none>
Oracle process number: 0
Unix process pid: 14313, image:

Mon Aug 28 22:35:14 2017 -07:00
LENGTH : '160'
CLIENT USER:[8] 'ora12102'
CLIENT TERMINAL:[13] 'Not Available'
STATUS:[1] '0'
DBID:[0] ''

Note that there will be multiple files generated every time the monitor runs. 


Oracle RDBMS will create audit files for all attempts to connect "as sysdba" to an instance that is not running to the following directories, in order of preference. This fuctionality cannot be disabled.

  • $ORACLE_BASE/admin/ORACLE_SID/adump
  • $ORACLE_HOME/rdbms/audit

As part of the Environment Monitoring, the Delphix Engine will regularly check that the environment user is able to start sqlplus and connect "as sysdba". This is done by setting an ORACLE_SID of "delphix_sid", then attempting to execute "sqlplus / as sysdba". It is this action that results in the Oracle auditing facility generating the mentioned files.


This is normal and expected behavior from both the Delphix Engine and Oracle RDBMS. Oracle note 1299033.1 covers the details for Oracle Auditing, including this behavior.

These files should be manually or automatically removed as dictated by your organizations auditing policy.