I would like to know if there are any Splunk apps which we can use use to audit Oracle behavior e.g failed logons. Splunk for Oracle seems to just get the db performance.
Please watch for:
Omega Core Audit App for Splunk (at Splunkbase)
Which requires:
Omega Core Audit (at DATAPLUS)
And optionally for:
Omega Core Audit Light
Omega Core Audit NT Agent
best regards,
Altin Karaulli
DATAPLUS
The audit log is one of the sourcetypes listed in the app, that should show you failed logins.
http://docs.splunk.com/Documentation/AddOns/latest/Oracle/Datatypes