RE: [External] Moving from database to OS audit trail

From: "" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "Jay.Miller" for DMARC)
To: <jbeckstrom@xxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
Date: Mon, 14 Sep 2020 17:26:22 +0000

Thank you! We’ll test that out (and cross our fingers that the format is
acceptable to the security folk).

From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> On Behalf
Of Jeffrey Beckstrom
Sent: Monday, September 14, 2020 11:39 AM
To: oracle-l-freelist <oracle-l@xxxxxxxxxxxxx>; Miller, Jay
<Jay.Miller@xxxxxxxxxxxxxxxx>
Subject: Re: [External] Moving from database to OS audit trail

We send our audit trail to xml audit trail files. We then query it from
v$xml_audit_trail

Jeffrey Beckstrom
Lead Database Administrator
Information Technology Department
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113

"" (Redacted sender "Jay.Miller" forDMARC)
<dmarc-noreply@xxxxxxxxxxxxx<mailto:dmarc-noreply@xxxxxxxxxxxxx>> 9/14/20
11:31 AM >>>

We have just been given the requirement to move our auditing from database to
OS and I was wondering how other people have handled obtaining the data which
is currently easily available from dba_audit_trail.

For example things like getting a histogram of login times to see if there was
a sudden surge in connect activity or finding the name of an app server which
is locking an account by sending invalid passwords. Really easy now but with OS
files? How are other people handling this?

I’m told all the information will be available in Splunk though I have no idea
how easy that will be to access.

TIA,
Jay Miller

Follow-Ups:
- RE: [External] Moving from database to OS audit trail
  - From:

References:
- Moving from database to OS audit trail
  - From:
- Re: [External] Moving from database to OS audit trail
  - From: Jeffrey Beckstrom

RE: [External] Moving from database to OS audit trail

Other related posts: