When running a Policy Server, when a user authenticates, from time to time, the user data can't be seen in the Audit data in the DB.

Should the smaccesslog4 table and sm_username column like filters in use?

Policy Server 12.8SP6a;
Audit Store on Oracle RAC;

At first glance, there are 2 tables in the Oracle Audit Store:

• smaccesslog4
• smobjlog4

and both have sm_username as a field. The fact that the data might not be written or might not be accessible could be caused by:

• The SQL statement is not the correct one (1).
• Lack of configuration (2).
• Lack of resources in the ODBC Store (3)(4).

Some parameters can be set to configure and tune the connections with the Audit Store (5)(6).

(1)

    Audit SQL statements used to get Audit Reports in Policy Server
    

(2)

    Audit Store data with no info in Policy Server
    

(3)
    
    Archiving Data from Audit Store when in use with Policy Server
    

(4)
  
    Error: "ORA-01653: unable to extend table" in Oracle AUDIT LOG
    

(5)

    Registry keys settings for Audit Store in Policy Server
    

(6)

    Policy Server Fails to Insert Audit Events into the Audit Database

- SQLBulkInsertFlushInterval determines the frequency in which the Policy Server inserts queued audit events into the audit database. The default value of this registry key is 60 seconds. If 60 seconds elapses before the value defined by the SQLBulkInsertFlushRowCount is reached, the Policy Server inserts all queued audit events into the audit database.

- SQLBulkInsertFlushRowCount determines how many audit events occur before the Policy Server inserts audit events into the audit database. The default value of this registry key is 1,000. If 1,000 audit events are queued before the value defined by SQLBulkInsertFlushInterval is reached, the Policy Server inserts all queued audit events into the audit database.