Thanks for the feedback Henry and David. I played with Splunk a bit yesterday and I have seen other tools that report off of syslog in the past. In a lot of the shops I've seen, the default 11.2 auditing to DB is the norm and more often than not, not really used for anything. I like the idea of moving audit info to syslog, but agree that for the purposes that I've used AUD$ will no longer be as readily available. Nice blog post David. Thanks for sharing that. Andy On Wed, Nov 6, 2013 at 7:53 AM, David Robillard <david.robillard@xxxxxxxxx> wrote: > Hello Andy and Henry, > > I've been sending Oracle audit logs to syslog for quite a while now. I very > much like this setup because it's then very easy to generate audit reports > with log mining tools such as Splunk for example. > > <plug> > I wrote an article on how to send audit logs to syslog with Oracle 11gR2. > http://itdavid.blogspot.ca/2011/02/manage-oracle-11gr2-asm-and-rdbms-audit.html > </plug> > > I must agree with Henry in the sense that you loose the ability to use SQL > to check your audit logs. But normally, the auditor is not the DBA. So one > could argue that the lack of SQL is not a problem (unless your auditor > prefers using SQL that is :) In my experience, auditors usually refer to > audit reports. And again, you can generate those with a tool such as Splunk > (which is free unless you have quite a lot of logs). > > HTH, > > David -- //www.freelists.org/webpage/oracle-l