Re: Oracle Auditing with SYSLOG
- From: Andy Klock <andy@xxxxxxxxxxxxxxx>
- To: David Robillard <david.robillard@xxxxxxxxx>
- Date: Wed, 6 Nov 2013 10:20:22 -0500
Thanks for the feedback Henry and David. I played with Splunk a bit
yesterday and I have seen other tools that report off of syslog in the
past. In a lot of the shops I've seen, the default 11.2 auditing to
DB is the norm and more often than not, not really used for anything.
I like the idea of moving audit info to syslog, but agree that for the
purposes that I've used AUD$ will no longer be as readily available.
Nice blog post David. Thanks for sharing that.
Andy
On Wed, Nov 6, 2013 at 7:53 AM, David Robillard
<david.robillard@xxxxxxxxx> wrote:
> Hello Andy and Henry,
>
> I've been sending Oracle audit logs to syslog for quite a while now. I very
> much like this setup because it's then very easy to generate audit reports
> with log mining tools such as Splunk for example.
>
> <plug>
> I wrote an article on how to send audit logs to syslog with Oracle 11gR2.
> http://itdavid.blogspot.ca/2011/02/manage-oracle-11gr2-asm-and-rdbms-audit.html
> </plug>
>
> I must agree with Henry in the sense that you loose the ability to use SQL
> to check your audit logs. But normally, the auditor is not the DBA. So one
> could argue that the lack of SQL is not a problem (unless your auditor
> prefers using SQL that is :) In my experience, auditors usually refer to
> audit reports. And again, you can generate those with a tool such as Splunk
> (which is free unless you have quite a lot of logs).
>
> HTH,
>
> David
--
//www.freelists.org/webpage/oracle-l
Other related posts:
