Re: Oracle Audit records and Splunk

• From: Stefan Knecht <knecht.stefan@xxxxxxxxx>
• To: john.jones@xxxxxxxx
• Date: Thu, 19 Nov 2015 15:31:58 +0700

Have you tried switching Oracle's auditing to write to SYSLOG? Those should
be easy to parse.

Stefan


On Thu, Nov 19, 2015 at 3:51 AM, John Jones <john.jones@xxxxxxxx> wrote:

Is there any one out there using Splunk to look at your Oracle Audit logs.



We are trying to set this up and running into problems with the way that
Oracle writes the audit files in different formats. We are mostly looking
at tracking Oracle Logins and notice that the format of the audit record
can change depending on the error encountered.



Any pointers or suggestions are welcome.



John Jones

• Follow-Ups:
  • Re: Oracle Audit records and Splunk
    • From: Niall Litchfield

• References:
  • Oracle Audit records and Splunk
    • From: John Jones

Other related posts:

• » Oracle Audit records and Splunk- John Jones
• » RE: Oracle Audit records and Splunk- mvshelton
• » Re: Oracle Audit records and Splunk- Karth Panchan
• » Re: Oracle Audit records and Splunk - Stefan Knecht
• » Re: Oracle Audit records and Splunk- Niall Litchfield
• » RE: Oracle Audit records and Splunk- Upendra nerilla
• » Re: Oracle Audit records and Splunk- Dragutin Jastrebic

1. Home
2. oracle-l
3. Archive
4. 11-2015

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---