How to collect Oracle Audit Logs

[HAR]

Hi,

I want to collect audit logs from Oracle 12c. Auditing is already enable at oracle level and logs are generated and store in table.

Please advice to wayout.

Regards,

HAR

[mariano hinjos]

Hi

I had edit the  init$SID.ora with this parameters 

  *.audit_file_dest='/var/log/oracle/oracle_audit.log' 

*.audit_sys_operations=TRUE 

*.audit_trail='OS' 

*.audit_syslog_level=local0.debug  

reboot database

  sqlplus "/as sysdba" 

shutdown immediate; 

startup;  

config rsyslog

  vi /etc/rsyslog.conf

adding

local0.*           /var/log/oracle/oracle_audit.log 

and control the rotation of the log so that it does not grow uncontrollably

vi /etc/logrotate.d/oracle_audit 

/var/log/oracle/oracle_audit.log {

 copytruncate daily 

 rotate 3 

 compress 

 missingok 

 size 100M 

 create 0644 oracle dba

 }        

  systemctl restart rsyslog

I hope help you  

[Hassan Rizvi]

Thanks for your reply.

Currently we are using 12c with Audit enabled and logs are collected in Table.

Any Solution for my scenario

Regards,

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/J3zwGiNDZOQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/af422743-5bf8-412d-b07a-62da316afa2an%40googlegroups.com.