Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

How to send Oracle Audit to syslog?

yxes2013Sep 25 2013 — edited Sep 26 2013

Hi all,

11.2.0.1

Aix 6.1

How do you send oracle sys audit log to OS syslog If you have more that 1 database on the same ORACLE_HOME (same server)?

For single database the procedure is:

Edit your syslog config to forward local1.warning to Splunk. In case of syslogd edit the /etc/syslog.conf and set the following. The first entry is for the local syslog. The second entry sends it to a remote server:

#Save oracle rdbms audit trail to oracle_audit.log
local0.info /var/log/oracle/oracle_audit.log
#Send oracle rdbms audit trail to remote syslog server
local0.info @192.168.100.1

For more than one database, I am doing it like this:

(Is my understanding correct?)

#Save oracle rdbms audit trail to oracle_audit.log

local0.info /var/log/oracle/oracle_audit.log

local1.info /var/log/PROD1/oracle_audit.log

local2.info /var/log/PROD2/oracle_audit.log

local3.info /var/log/PROD3/oracle_audit.log

#Send oracle rdbms audit trail to remote syslog server

local0.info @192.168.100.1

local1.info @192.168.100.1

local2.info @192.168.100.1

local3.info @192.168.100.1

Thanks a lot,

Zxy

Locked Post

New comments cannot be posted to this locked post.

Locked on Oct 24 2013

Added on Sep 25 2013

#general-database-discussions

7 comments

11,725 views