When a Symantec Critical System Protection [SCSP] Agent is installed or moved to a new SCSP Manager, Oracle Audit Log reads all event data from the start of the file.
|Article:TECH223341|||||Created: 2014-07-29|||||Updated: 2014-07-30|||||Article URL http://www.symantec.com/docs/TECH223341|
Installing a fresh agent or moving to a new Manager while monitoring the Oracle Audit Log directory via a "TextLog" Policy, reads all event data from the start of the file.
Working as designed.
Article URL http://www.symantec.com/docs/TECH223341