Re: Oracle Audit records and Splunk

From: Stefan Knecht <knecht.stefan_at_gmail.com>
Date: Thu, 19 Nov 2015 15:31:58 +0700
Message-ID: <CAP50yQ-kmWeN1DWntyupWRgVBt-ADt0ScRjNF=_F420GnMR8oQ_at_mail.gmail.com>

Have you tried switching Oracle's auditing to write to SYSLOG? Those should be easy to parse.

Stefan

On Thu, Nov 19, 2015 at 3:51 AM, John Jones <john.jones_at_duke.edu> wrote:

> Is there any one out there using Splunk to look at your Oracle Audit logs.
>
>
>
> We are trying to set this up and running into problems with the way that
> Oracle writes the audit files in different formats. We are mostly looking
> at tracking Oracle Logins and notice that the format of the audit record
> can change depending on the error encountered.
>
>
>
> Any pointers or suggestions are welcome.
>
>
>
> John Jones
>

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Nov 19 2015 - 09:31:58 CET

This message: [ Message body ]
Next message: Stefan Knecht: "Re: Oracle 10g - 12c upgrade, but TDE wallet issues"
Previous message: Dominic Brooks: "Re: Flushing Bad Plan - No Longer in Shared Pool"
In reply to: John Jones: "Oracle Audit records and Splunk"
Next in thread: Upendra nerilla: "RE: Oracle Audit records and Splunk"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message