This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-09-29 10:56 AM

Oracle 10 Audit via syslog

Hi,

 

I've configured an Oracle 10 instance to send Audit log to enVision via syslog. In the Event Viewer I can see the incoming Oracle Audit messages, but when I try to make a Query I can't find the right table to use.

 

Any ideas?

 

Tanx

Amelia

0 Likes
Reply
2 Replies
IgorVolovich
Beginner
Beginner
‎2010-10-07 07:30 PM

Anytime you're looking for the table(s) where your messages are winding up, the 1st place to look is under

 

Overview->System Configuration->Messages->Manage Messages To Parse

 

Find your device, Oracle in this case, look in the right-hand panel, and voila! - Database Audit is the only table all 558 messages are going.

 

As long as the messages are being recognized as the correct device type, your actual collection method is unrelated to the message destination.

 

Hope this answers your question.

 

Good luck!

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to IgorVolovich
‎2010-11-02 12:40 PM

Hi ,

 

Please check the log messages fall under defined categrory.

 

If the logs are classified under undefined events... then those messages cant be pulled out in a report form.

 

Note:- though the device got discovered under Oracle Device type, if the messages are grouped under the undefined messages, then you cannot pull those logs in the reports/ query.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.