Information
Auditing of the users authenticated as the SYSDBA or the SYSOPER provides an oversight of the most privileged of users.
Note: It is important that the database user should not have access to the system directories where the audits will be
recorded. Ensure this by setting the AUDIT_SYS_OPERATIONS to TRUE.
Default is FALSE. Set in spfile.
Solution
Set AUDIT_FILE DEST to where you want the logs to be. Windows: Default is Event Viewer log file