Getting Data In

How to enable audit logs in these databases and then send logs to Splunk


I got to integrate an Oracle database and a SQL server 2008 to my Splunk environment as a forwarder.

How can I enable audit logs in these databases and then send logs to Splunk?
How do they have to be configured Splunk side and database side?

0 Karma


In Oracle you have the unified audit trail, and there are some pre-deployed policies which you can activate and start immediately. 

to retrieve and visualize the trail, you can use the following

Oracle Unified Audit App for Splunk 

best regards

0 Karma


Hi dani9-
I highly recommend DBConnect to gather any types of information from your SQL box. And for best practice, use a standalone Splunk app server to perform the collecting, then forward it to your indexers.
Same situation with Oracle.

Using DBConnect, you will do most configuration here. But, you will also need to have a local SQL and Oracle account in which to grant the DBConnect app to use. You will then configure the connection, connection type, and what tables to "grab" through the app in Splunk.

Hope this helps,

0 Karma


Okay the problem now is database side.
How can I configure data ('to grab') like connection type, tables, name database etc.. So all this data that after I will be put in dB connect
Do you have any guide of that?


0 Karma