Re: Oracle Auditing with SYSLOG

From: Andy Klock <andy_at_oracledepot.com>
Date: Wed, 6 Nov 2013 10:20:22 -0500
Message-ID: <CADo_RaPJFqHsP3K+ZZUt045uBBRCeBxzSKwH6py3q9AfkMbBpA_at_mail.gmail.com>



Thanks for the feedback Henry and David. I played with Splunk a bit yesterday and I have seen other tools that report off of syslog in the past. In a lot of the shops I've seen, the default 11.2 auditing to DB is the norm and more often than not, not really used for anything.

I like the idea of moving audit info to syslog, but agree that for the purposes that I've used AUD$ will no longer be as readily available.

Nice blog post David. Thanks for sharing that.

Andy

On Wed, Nov 6, 2013 at 7:53 AM, David Robillard <david.robillard_at_gmail.com> wrote:
> Hello Andy and Henry,
>
> I've been sending Oracle audit logs to syslog for quite a while now. I very
> much like this setup because it's then very easy to generate audit reports
> with log mining tools such as Splunk for example.
>
> <plug>
> I wrote an article on how to send audit logs to syslog with Oracle 11gR2.
> http://itdavid.blogspot.ca/2011/02/manage-oracle-11gr2-asm-and-rdbms-audit.html
> </plug>
>
> I must agree with Henry in the sense that you loose the ability to use SQL
> to check your audit logs. But normally, the auditor is not the DBA. So one
> could argue that the lack of SQL is not a problem (unless your auditor
> prefers using SQL that is :) In my experience, auditors usually refer to
> audit reports. And again, you can generate those with a tool such as Splunk
> (which is free unless you have quite a lot of logs).
>
> HTH,
>
> David

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Nov 06 2013 - 16:20:22 CET

Original text of this message