How TIBCO LogLogic LMI captures Oracle Database log data

book

Article ID: KB0077481

calendar_today

Updated On:

Products	Versions
TIBCO LogLogic Log Management Intelligence	all versions

Description

There are two sets of events that can be collected form an Oracle database:

Audit logs are going to give you results of who is doing what to the databases therefore the audit records are associated with database transactions of some sort.
SysDBA logs are going to show you more operational activity such as who is logging into the server, restarting it, maintenance, etc. They are each configured differently.

Prior to LSP34 audit log collection had to be configured by going to Management->Manage Devices in the web GUI then selecting the database device. If the DB host does not already exist as a log source in LMI then you must create it first and save the basic information. After that you can re-open the log source for editing to add database connectivity information. Starting with LSP34 LMI now supports Oracle audit collection via syslog.

If this is an Oracle Cluster then be sure to use the Cluster IP as the device IP.

SysDBA logs are configured using the Management->Manage Devices->File Transfer Rules tab.

The Oracle DB server needs to have a service supporting CIFS, SCP, FTP/S, SFTP, or HTTP/S. Alternatively, the server can have a script to copy the original log files to another server running one of those file transfer services. In that case, the file transfer rule is configured with a user account to log into the intermediate file server to pull the messages to the LogLogic appliance.

Refer to the Oracle Database Log Source Configuration Guide for details.

Issue/Introduction

This article explains the 2 types of Oracle database events and a high-level description of how LogLogic LMI captures this data.

Feedback

thumb_up Yes

thumb_down No

Welcome to "KB Articles"