Do you have documentation and best practices on how to ingest Oracle database security logs?
We currently don’t natively support ingesting logs directly out of Oracle. However, as with any unsupported event source, we recommend using one of the data collection methods available when setting up a Custom Log event source.
See here: Custom Logs | InsightIDR Documentation
Notably, the Listen on Network Port or Watch Directory would be common options available if you can output via syslog to a fixed port over UDP or TCP, or alternatively, if you can write these logs to disk, you can set up an SMB file share and allow the collector to ingest those text files.
David
Any other advice on best practices on what to monitor for Oracle logs?
I would approach it from the perspective of what actions are being taken on a regular basis and considered normal versus rare or abnormal actions. Not having intimate knowledge of the logs or what information is available limits my ability to help further; however, someone else might hopefully chime in here.
David
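One way to apply the "normal versus rare" approach from the reply above, as an added example that is not part of the original thread or any vendor code: build a baseline of (user, action) pairs from a known-good period, then flag events whose pair was rarely or never seen. The key=value line layout, the field names (`ts`, `user`, `action`, `object`, `rc`) and the sample lines are constructed assumptions, not a real Oracle audit format.

```python
import re
from collections import Counter

# Assumed key=value layout; field names are hypothetical, not Oracle's own.
PAIR = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the key=value fields of one line, or None if user/action are missing."""
    fields = dict(PAIR.findall(line))
    return fields if {"user", "action"} <= fields.keys() else None

def build_baseline(lines):
    """Count how often each (user, action) pair occurred in the baseline period."""
    events = filter(None, map(parse, lines))
    return Counter((e["user"], e["action"]) for e in events)

def rare_events(baseline, lines, min_seen=3):
    """Return events whose (user, action) pair was seen fewer than min_seen times."""
    flagged = []
    for e in filter(None, map(parse, lines)):
        seen = baseline[(e["user"], e["action"])]
        if seen < min_seen:
            flagged.append({**e, "baseline_count": seen})
    return flagged

# Constructed sample data: a baseline day and a following day.
BASELINE_LOG = [
    "ts=2024-05-01T09:00:01Z user=APP_SVC action=SELECT object=HR.EMPLOYEES rc=0",
    "ts=2024-05-01T09:00:05Z user=APP_SVC action=SELECT object=HR.EMPLOYEES rc=0",
    "ts=2024-05-01T09:01:10Z user=APP_SVC action=SELECT object=HR.JOBS rc=0",
    "ts=2024-05-01T09:02:00Z user=APP_SVC action=UPDATE object=HR.EMPLOYEES rc=0",
    "ts=2024-05-01T09:02:30Z user=APP_SVC action=UPDATE object=HR.EMPLOYEES rc=0",
    "ts=2024-05-01T09:03:00Z user=APP_SVC action=UPDATE object=HR.JOBS rc=0",
    "ts=2024-05-01T22:00:00Z user=DBA_ALICE action=GRANT object=HR.EMPLOYEES rc=0",
]
NEW_LOG = [
    "ts=2024-05-02T09:00:01Z user=APP_SVC action=SELECT object=HR.EMPLOYEES rc=0",
    "ts=2024-05-02T03:14:00Z user=APP_SVC action=DROP object=HR.JOBS rc=0",
    "ts=2024-05-02T03:15:00Z user=DBA_ALICE action=GRANT object=HR.SALARIES rc=0",
    "collector heartbeat, no audit fields",  # malformed line, skipped by parse()
]

if __name__ == "__main__":
    for e in rare_events(build_baseline(BASELINE_LOG), NEW_LOG):
        print(e.get("ts"), e["user"], e["action"], e.get("object"),
              "baseline_count:", e["baseline_count"])
```

The `min_seen` threshold and the choice of (user, action) as the baseline key are tuning decisions; a longer baseline period reduces noise from legitimate but infrequent administrative work.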