Oracle Data
- To utilize the Oracle alerts and dashboards, ensure that the database server is configured to log DDL (Data Definition Language) command activities, privileged activities, and database authentication events.
The Cyences app supports following data collection mechanisms:
1. Unified auditing using Splunk DB Connect app (Recommended)
App Installation
| App | Search Head | Indexer | Heavy Forwarder | UF / Deployment Server | Additional Details |
|---|---|---|---|---|---|
| Splunk DB Connect | - | - | Required | - | Installation and Configuration Guide & Make sure to use oracle:audit:unified sourcetype when configuring the data input. |
| Splunk DBX Add-on for Oracle JDBC | - | - | Required | - | This addon is DB Connect App’s requirement for database driver availability of Oracle. |
| Splunk Add-on for Oracle Database | Required | - | Required | - | Installation and Configuration Guide |
- Visit the official oracle documentation for more information:
- Details needed from DBA Team:
- IP Address or FQDN of DB server
- Port number for DB server
- Unified Audit Trail DB table name
- Username & Password - Should have Readonly access to the Audit Trail Table
- Default database name and Database name
- Timezone on the database server
2. XML logs using File monitoring
App Installation
| App | Search Head | Indexer | Heavy Forwarder | UF / Deployment Server | Additional Details |
|---|---|---|---|---|---|
| Splunk Add-on for Oracle Database | Required | - | Required | Required (On DB server) | Installation and Configuration Guide & Make sure to use oracle:audit:xml sourcetype when configuring the data input. |
- Details needed from DBA Team:
- XML Log files path on the DB server.
Note : Create an index named oracle or update the cs_oracle macro definition from Cyences app configuration page (Cyences Settings > Cyences App Configuration > Products Setup).
Estimated Data Size
The license usage consumed by the Splunk Add-on for Oracle Database is based on the audit policy and database usage of your environment