Hello, I'm trying to get the Oracle audit trail using Logstash. What options do I have that could help me achieve that?
I wanted to use audit trail to OS, but the columns sql_bind and sql_text are not written, so I only have two options: DB, EXTENDED and XML, EXTENDED. Has anyone here had any experience with getting audit logs out of Oracle using Logstash or another open source tool?
People here know Logstash but typically not Oracle. If you explain how Oracle audit logs are extracted in the general case we can help you figure out how to do it with Logstash.
Seems like sometimes there's an unwanted close tag that breaks standard XML. It happens because the files are generated and may be written again if the file exists.
Here's the output using the input and conf that I have already posted.
Yeah, I guess you're picking up the final at the end of each file. I suggest you parse each file in one swoop and use a split filter after the xml filter to splice the field containing the list of AuditRecord entries so you get one AuditRecord per event.
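An added example, not code from anyone in this thread: the same one-event-per-AuditRecord split done outside Logstash, in a way that tolerates the stray close tag described above by parsing each record on its own instead of the whole file. Only `AuditRecord` comes from the thread; the root tag `Audit`, the child element names and the sample data are constructed assumptions.

```python
import json
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample (assumed element names). The first </Audit> is the
# unwanted close tag that makes the file invalid as a single XML document.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Audit>
<AuditRecord><DB_User>APP</DB_User><Sql_Text>select * from t where id = :1</Sql_Text><Sql_Bind> #1(1):7</Sql_Bind></AuditRecord>
</Audit>
<AuditRecord><DB_User>SYS</DB_User><Sql_Text>alter user app &amp; co</Sql_Text></AuditRecord>
<AuditRecord><DB_User>BAD</DB_User><Sql_Text>cut off</AuditRecord>
</Audit>
"""

# Each record is matched on its own, so tags outside a record are ignored.
RECORD_RE = re.compile(r"<AuditRecord\b[^>]*>.*?</AuditRecord>", re.DOTALL)


def split_audit_records(text):
    """Return (events, rejected).

    events   -- one flat dict per well-formed AuditRecord
    rejected -- raw fragments that failed to parse, kept so that audit
                data is never dropped silently
    """
    events, rejected = [], []
    for match in RECORD_RE.finditer(text):
        fragment = match.group(0)
        try:
            node = ET.fromstring(fragment)
        except ET.ParseError:
            rejected.append(fragment)
            continue
        events.append({child.tag: (child.text or "").strip() for child in node})
    return events, rejected


if __name__ == "__main__":
    events, rejected = split_audit_records(SAMPLE)
    for event in events:
        print(json.dumps(event))  # one JSON line per audit record
    print(f"{len(rejected)} record(s) could not be parsed", file=sys.stderr)
```

The JSON lines on stdout can be read by any shipper that accepts one JSON document per line; the rejected count on stderr is worth alerting on, since it means audit records were lost.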