Splunk Search

How should we handle DB audit trails?

Motivator

We would like to ingest Oracle's UNIFIED_AUDIT_TRAIL table and SQL Server's MSSQL\SQLAudit\*.sqlaudit files.

How should we do it? Should we index Oracle's UNIFIED_AUDIT_TRAIL table? Is there maybe an add-on? And what should we do on the SQL Server side? Should we read the files themselves?

0 Karma

Motivator

We also wonder whether the Windows event logs have information about the SQL Server audit information.

There is a good conversation about the Oracle audit trails at https://community.splunk.com/t5/Splunk-Search/How-to-index-Oracle-audit-trails-stored-in-aud-files/m...

 

0 Karma