Privilege use events include security commands run by the security administrator or system administrator, and encryption commands run by the system administrator or file owners.
The ACFS_AUDIT_INIT, ACFS_SEC_INIT, and ACFS_ENCR_INIT events are written into the global log that is located in Oracle Grid Infrastructure home.
The possible event code (Event) for privilege use events include the following:
ACFS_AUDIT_ARCHIVE
ACFS_AUDIT_DISABLE
ACFS_AUDIT_ENABLE
ACFS_AUDIT_INIT
ACFS_AUDIT_PURGE
ACFS_AUDIT_READ
ACFS_ENCR_FILE_OFF
ACFS_ENCR_FILE_ON
ACFS_ENCR_FILE_REKEY
ACFS_ENCR_FS_OFF
ACFS_ENCR_FS_ON
ACFS_ENCR_INIT
ACFS_ENCR_SET
ACFS_ENCR_SET_UNDO
ACFS_ENCR_VOL_REKEY
ACFS_ENCR_WALLET_STORE
ACFS_REALM_AUDIT_DISABLE
ACFS_REALM_EDIT_ENCR
ACFS_REALM_AUDIT_ENABLE
ACFS_SEC_LOAD
ACFS_SEC_PREPARE
ACFS_SEC_PREPARE_UNDO
ACFS_SEC_REALM_ADD
ACFS_SEC_REALM_CLONE
ACFS_SEC_REALM_CREATE
ACFS_SEC_REALM_DELETE
ACFS_SEC_REALM_DESTROY
ACFS_SEC_RULE_CREATE
ACFS_SEC_RULE_DESTROY
ACFS_SEC_RULE_EDIT
ACFS_SEC_RULESET_CREATE
ACFS_SEC_RULESET_DESTROY
ACFS_SEC_RULESET_EDIT
ACFS_SEC_SAVE