I originally asked about this in , which has since been archived, but I just today got an answer and resolution, so thought I'd throw it out on the outside chance someone with the same question might actually search the forums.
The original question was why do I get records in dba_audit_trail where the action name is simply SESSION REC, when every audit setting specifies BY ACCESS. I finally got tired of it and opened an SR. Turns out that the SESSION REC entries result from when someone accesses a db link.
The tech was not able to find any reference indicating if this were by design or a bug. Given their pressure to close tickets as quickly as possible, and the understandable pushback against scope creep on a ticket, I'll have to open a bug report to find out. Probably not worth it from my end as I at least have a decent work-around, knowing what the records represent.
Anyway, there you have it. No film at eleven but I would be curious if anyone has any additional insight.