I am trying to get the login/logoff and failed login of oracle 10.2.0.4 installed on windows to be seen by splunk. I managed to get the info written in the windows event log by setting the following parameters:
AUDIT_SYS_OPERATIONS = TRUE
AUDIT_TRAIL=OS
I get the info on the windows logs...but the log is nearly unreadable. And the info I need to extract is not in clear but in the "message" field of the log.
Is there a way to get the info I need directly from oracle? I am gathering the needed info on the windows logs installing splunk on the clients and using it as a client to send the info to a splunk server.
Is there a direct/easy way to get the info from oracle?
Any help or hint is VERY welcome!
Thank you!
... View more