May be this will help ...
On Sep 14, 2020 at 4:49 PM, <Ian A. MacGregor
Otr security team wants Oreacle audit information for some databases to
be in Splunk. I have fulfilled this request by writing the audit
information to the server's"syslog" which is captured by or provided to
Splunk. This is less than ideal. I am curious if others have this
requirement, and what they are doing about it?
Ian A. MacGregor
SLAC National Accelerator Laboratory
To offer the best IT service at the lab and be the IT provider of choice.