We are running R/3 4.6C on HPUX11/Oracle 18.104.22.168. Our auditors asked us to log and audit access to the Oracle database at the OS level, bypassing the SAP layer. For example, someone logging in, sudo to ora<sid>, execute sqlplus and view or modify a financial document. They did not give us possible ways of doing this. Our SAs and DBAs are a little stumped about getting their hands around the scope of this. Does anyone have any ideas?