Hi,
I have a SUSE Linux server that hosts an Oracle 11g database for an SAP application.
I am trying to enable DB auditing for the database and then send the audit logs via syslog to a remote SIEM server.
The syslog configuration in the syslog-ng.conf file on the SUSE server is given below:
##########################################
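# Pass info, err and crit messages, except from the news and mail facilities
filter f_info { level(info,err,crit) and not facility(news, mail); };

# Remote SIEM server, syslog over UDP port 514
destination siem_name {
    udp("10.200.0.51" port(514));
};

# Forward the filtered messages from the local source to the SIEM
log {
    source(src);
    filter(f_info);
    destination(siem_name);
};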
###########################################
Please tell me how I can transfer the Oracle audit logs to the SIEM using syslog.
The default path where the Oracle audit log trace files are generated on the SUSE server is /oracle/EP1/saptrace/audit
Regards,
RD