Re: Oracle Auditing with SYSLOG
Date: Wed, 6 Nov 2013 07:53:32 -0500
Message-ID: <CADH15GjPygQ-CQjBnTfsjcA-yN=WPTyxt4QvEM277x1_DWENfA_at_mail.gmail.com>
Hello Andy and Henry,
I've been sending Oracle audit logs to syslog for quite a while now. I very much like this setup because it's then very easy to generate audit reports with log mining tools such as Splunk for example.
<plug>
I wrote an article on how to send audit logs to syslog with Oracle 11gR2.
http://itdavid.blogspot.ca/2011/02/manage-oracle-11gr2-asm-and-rdbms-audit.html
</plug>
I must agree with Henry in the sense that you lose the ability to use SQL to check your audit logs. But normally, the auditor is not the DBA. So one could argue that the lack of SQL is not a problem (unless your auditor prefers using SQL that is :) In my experience, auditors usually refer to audit reports. And again, you can generate those with a tool such as Splunk (which is free unless you have quite a lot of logs).
HTH, David
> Date: Tue, 5 Nov 2013 12:44:12 -0500
> From: Andy Klock <andy_at_oracledepot.com>
>
> There is an option to persist audit records via the syslog rather than
> directly to the OS or DB. My experience with audit records has always
> been with AUD$. Very simple and useful (albeit sometimes slow) to
> find the information I need to report on.
>
> I can see the benefit though with locking audit info to syslog (root
> only access and no longer having to deal with purging AUD$ for
> example) but I also see parsing information out of syslogs to be
> incredibly cumbersome.
>
> I'm interested in hearing if anybody is using syslog for auditing and
> how you are managing and dealing with the data.
>
> Thanks!
>
> Andy Klock
--
http://www.freelists.org/webpage/oracle-l

Received on Wed Nov 06 2013 - 13:53:32 CET
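On the parsing concern raised in the thread, here is an added example (not from either poster) of reading Oracle audit records out of a syslog file without a log mining tool. It assumes the 11gR2 OS audit trail layout, where most fields are written as NAME:[length] 'value'; the function names, host name and sample lines are constructed for illustration, and the length is treated as a character count.

```python
import re

# Field header: NAME, optional [length], then the opening quote of the value.
_FIELD = re.compile(r"\s*([A-Z][A-Z ]*?)\s*:\s*(?:\[(\d+)\]\s*)?'")

def parse_audit_record(line):
    """Return the fields of one 'Oracle Audit[pid]:' syslog line, or None."""
    head = re.search(r"Oracle Audit\[(\d+)\]:", line)
    if head is None:
        return None                      # not an Oracle audit record
    rec, pos = {"PID": int(head.group(1))}, head.end()
    while True:
        f = _FIELD.match(line, pos)
        if f is None:
            break
        name, length, start = f.group(1), f.group(2), f.end()
        # Trust the declared length, not the next quote: SQL text in ACTION
        # can itself contain single quotes.
        end = start + int(length) if length else line.find("'", start)
        if end < start or end >= len(line) or line[end] != "'":
            raise ValueError(f"malformed field {name!r} at offset {start}")
        rec[name] = line[start:end]
        pos = end + 1
    return rec

def sysdba_actions(lines):
    """(client user, action) pairs for records carrying PRIVILEGE 'SYSDBA'."""
    recs = filter(None, map(parse_audit_record, lines))
    return [(r.get("CLIENT USER"), r.get("ACTION"))
            for r in recs if r.get("PRIVILEGE") == "SYSDBA"]

# Constructed sample lines (not real audit data; LENGTH totals are made up).
SQL = "select 'x' from dual"
SAMPLE = [
    "Nov  6 07:50:01 dbhost Oracle Audit[4242]: LENGTH : '155' ACTION :[7] 'CONNECT' "
    "DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' "
    "CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[10] '1234567890'",
    f"Nov  6 07:50:09 dbhost Oracle Audit[4242]: LENGTH : '170' ACTION :[{len(SQL)}] '{SQL}' "
    "DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' "
    "CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[10] '1234567890'",
    "Nov  6 07:51:00 dbhost sshd[991]: Accepted publickey for oracle",
]

if __name__ == "__main__":
    for pair in sysdba_actions(SAMPLE):
        print(pair)
```

A record whose declared length does not land on a closing quote raises ValueError rather than being silently mis-split, which is the behaviour you want when the output feeds an audit report.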