Getting Data In

How can I index login/logout logs from an Oracle database in Splunk?

skenkz
New Member

Hi all,

How can I index login/logout logs from an Oracle Database in Splunk?

Thanks.
Marco

0 Karma

fdi01
Motivator

For a starting tutorial on monitoring Oracle with Splunk, try Log File Analysis for Oracle 11g( https://splunkbase.splunk.com/app/1538/) . It describes most of the things you are asking about. If your Splunk installation will not be located on the same server as your Oracle database and SQL commands through DB Connect (http://docs.splunk.com/Documentation/DBX/2.0.4/DeployDBX/AboutSplunkDBConnect ) will not work to get the data you need, then you will also need to look at using the Universal Forwarder (http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/Usingforwardingagents ).

richgalloway
SplunkTrust
SplunkTrust

Install the Splunk DB Connect app. The app documentation will explain how to establish a connection to an Oracle database and make queries.

---
If this reply helps you, Karma would be appreciated.
0 Karma

skenkz
New Member

Hi richgalloway,
thanks for reply. Is it the only solution for import in Splunk logs\events?
can I send the logs from Oralce to Splunk?

Thanks.
M

0 Karma

richgalloway
SplunkTrust
SplunkTrust

For getting information from the database itself, Splunk DB Connect is the best solution. You can also write your own scripted input.
For getting information about the database, there are several apps available. Search for "Oracle" at apps.splunk.com. You can also install a Splunk Universal Forwarder on your Oracle server(s) to send logs to Splunk.

---
If this reply helps you, Karma would be appreciated.
0 Karma

skenkz
New Member

Yes, but if i install "Splunk Universal Forwarder" on my servers Oracle, and i just want only logs access DB Oracle i must flag only "Security Log"?

Thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I don't manage an Oracle server, so I can't be specific. I believe the "Security Log" tick box is for Windows logs, not Oracle. To forward Oracle logs, edit the input.conf file to create a new stanza monitoring the Oracle log directory.

---
If this reply helps you, Karma would be appreciated.
0 Karma

skenkz
New Member

Hi,
than i install "Splunk Universal Forwarder" and select from installation of Forwarder "Path to monitor", right?

Thanks.
M

0 Karma

richgalloway
SplunkTrust
SplunkTrust

That is right

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...