Getting Data In

How can I index login/logout logs from an Oracle database in Splunk?

skenkz
New Member

Hi all,

How can I index login/logout logs from an Oracle Database in Splunk?

Thanks.
Marco

0 Karma

fdi01
Motivator

For a starting tutorial on monitoring Oracle with Splunk, try Log File Analysis for Oracle 11g( https://splunkbase.splunk.com/app/1538/) . It describes most of the things you are asking about. If your Splunk installation will not be located on the same server as your Oracle database and SQL commands through DB Connect (http://docs.splunk.com/Documentation/DBX/2.0.4/DeployDBX/AboutSplunkDBConnect ) will not work to get the data you need, then you will also need to look at using the Universal Forwarder (http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/Usingforwardingagents ).

richgalloway
SplunkTrust
SplunkTrust

Install the Splunk DB Connect app. The app documentation will explain how to establish a connection to an Oracle database and make queries.

---
If this reply helps you, Karma would be appreciated.
0 Karma

skenkz
New Member

Hi richgalloway,
thanks for reply. Is it the only solution for import in Splunk logs\events?
can I send the logs from Oralce to Splunk?

Thanks.
M

0 Karma

richgalloway
SplunkTrust
SplunkTrust

For getting information from the database itself, Splunk DB Connect is the best solution. You can also write your own scripted input.
For getting information about the database, there are several apps available. Search for "Oracle" at apps.splunk.com. You can also install a Splunk Universal Forwarder on your Oracle server(s) to send logs to Splunk.

---
If this reply helps you, Karma would be appreciated.
0 Karma

skenkz
New Member

Yes, but if i install "Splunk Universal Forwarder" on my servers Oracle, and i just want only logs access DB Oracle i must flag only "Security Log"?

Thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I don't manage an Oracle server, so I can't be specific. I believe the "Security Log" tick box is for Windows logs, not Oracle. To forward Oracle logs, edit the input.conf file to create a new stanza monitoring the Oracle log directory.

---
If this reply helps you, Karma would be appreciated.
0 Karma

skenkz
New Member

Hi,
than i install "Splunk Universal Forwarder" and select from installation of Forwarder "Path to monitor", right?

Thanks.
M

0 Karma

richgalloway
SplunkTrust
SplunkTrust

That is right

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...