Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to enable audit logs in these databases and then send logs to Splunk

dani9
Explorer
‎12-11-2019 08:19 AM

I got to integrate an Oracle database and a SQL server 2008 to my Splunk environment as a forwarder.

How can I enable audit logs in these databases and then send logs to Splunk?
How do they have to be configured Splunk side and database side?

0 Karma
Reply

altink
Builder
‎01-21-2022 09:59 AM

In Oracle you have the unified audit trail, and there are some pre-deployed policies which you can activate and start immediately.
https://docs.oracle.com/en/database/oracle/oracle-database/19/sqlrf/CREATE-AUDIT-POLICY-Unified-Audi... 

to retrieve and visualize the trail, you can use the following

Oracle Unified Audit App for Splunk

https://splunkbase.splunk.com/app/6172/ 

best regards
Altin

0 Karma
Reply

BainM
Communicator
‎12-11-2019 10:05 AM

Hi dani9-
I highly recommend DBConnect to gather any types of information from your SQL box. And for best practice, use a standalone Splunk app server to perform the collecting, then forward it to your indexers.
Same situation with Oracle.

Using DBConnect, you will do most configuration here. But, you will also need to have a local SQL and Oracle account in which to grant the DBConnect app to use. You will then configure the connection, connection type, and what tables to "grab" through the app in Splunk.

Hope this helps,
Mike

0 Karma
Reply

dani9
Explorer
‎12-11-2019 12:57 PM

Okay the problem now is database side.
How can I configure data ('to grab') like connection type, tables, name database etc.. So all this data that after I will be put in dB connect
Do you have any guide of that?

Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...