Wrote a plsql routine to extract the data to a name value pair format file.
This made it easy for splunk to load.
Matt
Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone
<div>-------- Original message --------</div><div>From: John Jones
<john.jones@xxxxxxxx> </div><div>Date:11/18/2015 3:51 PM (GMT-05:00)
</div><div>To: "'oracle-l@xxxxxxxxxxxxx'" <oracle-l@xxxxxxxxxxxxx>
</div><div>Subject: Oracle Audit records and Splunk </div><div>
</div>Is there any one out there using Splunk to look at your Oracle Audit logs.
We are trying to set this up and running into problems with the way that Oracle
writes the audit files in different formats. We are mostly looking at tracking
Oracle Logins and notice that the format of the audit record can change
depending on the error encountered.
Any pointers or suggestions are welcome.
John Jones