Forum Stats

  • 3,734,278 Users
  • 2,246,936 Discussions
  • 7,857,217 Comments

Discussions

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Log In Register

Categories

Oracle 12c UNIFIED_AUDIT_TRAIL to syslog server

Paulo Pires
Paulo Pires Member Posts: 2 Green Ribbon
in General Database Discussions

Dear community,

I have to implement Oracle 12c audit and save/export audit data to a shared drive on SYSLOG server. Splunk will get the data for this SYSLOG server.

In a configuration like that, what is the best approach? 

  • Mixed auditing with OS in audit_trail? This means the logs will be save in windows syslog, not on that specific shared drive...
  • Pure auditing? This means I need to create a trigger to export data each minute...

My approach is to define pure audit and create 2 procedures:

  • Transfer UNIFIED_AUDIT_TRAIL content to SYSLOG server;
  • Clean up the auditing data from time to time.

I know there's DBConnect but for that I must create a specific user, which I don't want.

Is there a step-by-step guide in windows to implement Oracle 12c auditing?

Thanks

Tagged:
· Share on TwitterShare on Facebook

Answers

  • Paulo Pires
    Paulo Pires Member Posts: 2 Green Ribbon

    An option is to edit syslog config to forward local1.warning to syslog server. We need to edit /etc/syslog.conf and set the following. The first entry is for the local syslog. The second entry sends it to a remote server:

    #Save oracle rdbms audit trail to oracle_audit.log

    • local0.info     /var/log/oracle/oracle_audit.log

    #Send oracle rdbms audit trail to remote syslog server

    • local0.info     @192.168.100.1

    But where is the syslog.conf in windows?

    Thanks

    · Share on TwitterShare on Facebook
Sign In or Register to comment.