Well I am running on Windows so syslog wont work. :( I guess now I am
wondering if most people just leave the audit logs in the database? Or do
you offload them to another database instead of importing them into
Splunk. I think I have a small enough environment that I might be able to
get away with the free limit of 500mb day of data.
Thank you
Jeff
On Tue, Jul 7, 2015 at 7:08 PM, Connor McDonald <mcdonald.connor@xxxxxxxxx>
wrote:
Splunk is good....but pricey as the data volumes grow :-)
If you google for "splunk alternatives" there are various open source
equivalents, although they are often combinations of products to deliver
something equivalent to splunk.
So you're possibly trading money for complexity.
Cheers,
Connor
On Wed, Jul 8, 2015 at 6:15 AM, Jeff Chirco <backseatdba@xxxxxxxxx> wrote:
Hi all,
I don't think I ever got a response from anyone about this question which
is fine but I guess I am now just curious what you do for your audit logs.
Do you leave them in your database? Maybe move them to another table?
Thank you
Jeff
On Mon, Jun 15, 2015 at 10:18 AM, Jeff Chirco <backseatdba@xxxxxxxxx>
wrote:
I am looking into pulling database audit logs from the database and
store in a separate application. I want to pull audit trail tables, data
vault audit tables, alert log, and whatever else.
I know about Splunk and have started looking at it but was wondering if
there are other alternatives. Maybe simpler solutions and not super
expensive. I only have a couple servers to look at.
Oh and all Windows Server 2008 running 11.2
Thank you,
Jeff
--
Connor McDonald
===========================
blog: connormcdonald.wordpress.com
twitter: @connor_mc_d
"If you are not living on the edge, you are taking up too much room."
- Jayne Howard
*Fine print: Views expressed here are my own and not necessarily that of
my employer*
