每次sysdba或者sysoper許可權登入都會寫入一個audit trail檔案或者在現有的trail檔案後面新增登入資訊，而這個並不受audit_trail引數限制，audit_trail是顯示是否啟用審計和審計內容儲存的具體位置
有關audit_sys_operations引數：
AUDIT_SYS_OPERATIONS enables or disables the auditing of top-level operations, which are SQL statements directly issued by users when connecting with SYSDBA or SYSOPER privileges. (SQL statements run from within PL/SQL procedures or functions are not considered top-level.) The audit records are written to the operating system's audit trail. The audit records will be written in XML format if the AUDIT_TRAIL initialization parameter is set to xml or xml, extended.
On UNIX platforms, if the AUDIT_SYSLOG_LEVEL parameter has also been set, then it overrides the AUDIT_TRAIL parameter and SYS audit records are written to the system audit log using the SYSLOG utility.
該引數預設為false，但是sysdba和sysoper登入還是會記錄audit到相應的audit trail檔案的，只是不記錄之後sysdba操作的資訊，而如果設定true，還會記錄之後sysdba或者sysoper操作記錄到audit trail中。
可以關閉審計，但是sysdba或者sysoper登入記錄audit trail卻無法禁掉。

整理自：https://blog.csdn.net/zhaoyangjian724/article/details/50637409