send oracle 11g audit log to syslog server ( on other PC)

--preparation-- 
well...... this time i will write about syslog, and for this experiment what we need is :
- kiwi syslog server get from here and install it on your PC( i use xp for this server syslog)
- oracle db
- and of course, a cup of coffee is a must and other thing that make you relax and comfortable ( :p )

--scema--
first thing to do is redirect oracle audit log to syslog, and than from syslog send to syslog server( kiwi syslog)

 --1--
 edit initSID.ora and add this folowing config :
create "/var/log/oracle/" firs
audit_file_dest='/var/log/oracle/'
audit_trail='OS'
AUDIT_SYSLOG_LEVEL=local1.warning
after that edit /etc/syslog.conf, and add this folowing config :
#Save oracle rdbms audit trail to oracle_audit.log
local1.warning          /var/log/oracle/oracle_audit.log
#Send oracle rdbms audit trail to remote syslog server
local1.warning       @1.1.1.1 #<= ip your syslog server
--2--
restart syslog service with command :
/sbin/service syslog restart     # or 
/etc/init.d/init.d/syslog restart 
oracle DB must be restart to
CONNECT SYS / AS SYSOPER
Enter password: password

SHUTDOWN IMMEDIATE
STARTUP
-----------------
SQL> shutdown IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> STARTUP
ORACLE instance started.

Total System Global Area 1075527680 bytes
Fixed Size                  1304704 bytes
Variable Size             264243072 bytes
Database Buffers          805306368 bytes
Redo Buffers                4673536 bytes
Database mounted.
Database opened.
--test and jajal--
try to login to your Oracle DB and log must be create on syslog and kiwi syslog ono other server like this folowing pict


-source -
oracle doc
Previous
Next Post »

1 comments:

Click here for comments
stealthbits
admin
March 23, 2012 at 12:23 PM ×

Hi Dude,

A simple yet powerful Syslog protocol server and analyzer. It can be tuned to only log events under a threshold, or to directly mail and admin when another threshold value is reached. Thanks a lot.....

Active Directory Compliance

Congrats bro stealthbits you got PERTAMAX...! hehehehe...
Reply
avatar

comment please ... ConversionConversion EmoticonEmoticon

Thanks for your comment