Oracle Auditing with SYSLOG
From: Andy Klock <andy_at_oracledepot.com>
Date: Tue, 5 Nov 2013 12:44:12 -0500
Message-ID: <CADo_RaM5_Fu9hYwJP9fLnOCo8DBox32p8y7doFK5jaZ_3aWPiQ_at_mail.gmail.com>
There is an option to persist audit records via the syslog rather than directly to the OS or DB. My experience with audit records has always been with AUD$. Very simple and useful (albeit sometimes slow) to find the information I need to report on. I can see the benefit though with locking audit info to syslog (root only access and no longer having to deal with purging AUD$ for example) but I also see that parsing information out of syslogs to be incredibly cumbersome.
Date: Tue, 5 Nov 2013 12:44:12 -0500
Message-ID: <CADo_RaM5_Fu9hYwJP9fLnOCo8DBox32p8y7doFK5jaZ_3aWPiQ_at_mail.gmail.com>
There is an option to persist audit records via the syslog rather than directly to the OS or DB. My experience with audit records has always been with AUD$. Very simple and useful (albeit sometimes slow) to find the information I need to report on. I can see the benefit though with locking audit info to syslog (root only access and no longer having to deal with purging AUD$ for example) but I also see that parsing information out of syslogs to be incredibly cumbersome.
I'm interested in hearing if anybody is using syslog for auditing and how you are managing and dealing with the data.
Thanks!
Andy Klock
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Nov 05 2013 - 18:44:12 CET