Oracle

Background

The Oracle Server log analysis App automatically collects, reads, parses, analyzes and reports on all audit log data generated by the database server, and presents a comprehensive set of graphs and reports for analyzing it. Use the predefined set of dashboards and widgets to visualize and address the system software, code written, and infrastructure during development, testing, and production. The App helps measure, troubleshoot, and optimize your databases' integrity, stability and quality with several visualization and investigation dashboards.

Steps:

    1. The Oracle Server App runs on the default Oracle audit log.
      When adding or editing the logs in XpoLog, it is mandatory to apply the correct log type(s) to each of the logs:
      1. oracle - all logs that the application will analyze must have oracle as a log type.
      2. database - all logs that the application will analyze must have database as a log type.
      3. audit - only the audit log must also be configured to have audit as a log type.

    2. By default, the audit log path is taken from the database's audit_file_dest parameter. To set a path for your audit log, execute the command: alter system set audit_file_dest='Desired_Path'.
      Additionally, the AUDIT_TRAIL parameter must be set to 'xml, extended'. To configure it, execute the command: alter system set AUDIT_TRAIL=xml, extended.
    3. Once the required information is set, click next and edit the log pattern. This step is crucial to the accuracy and deployment of the Oracle Server App. Use the following pattern for the log:
      oracle audit log:
      <AuditRecord>{regexp:Audit Type,ftype=audittype;refName=Message,<Audit_Type>(.*)</Audit_Type>}{regexp:Session ID,ftype=sessionid;refName=Message,<Session_Id>(.*)</Session_Id>}{regexp:Statement ID,ftype=statementid;refName=Message,<StatementId>(.*)</StatementId>}{regexp:EntryId Type,ftype=entryid;refName=Message,<EntryId>(.*)</EntryId>}{regexp:Extended Timestamp,refName=Message;columnType=date;dateFormat=yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z';dateUIFormat=yyyy-MM-dd HH:mm:ss.SSSSSS,\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d\\:\\d\\d:\\d\\d\\.\\d\\d\\d\\d\\d\\dZ}{regexp:DB User,ftype=dbuser;refName=Message,<DB_User>(.*)</DB_User>}{regexp:Ext Name,ftype=extname;refName=Message,<Ext_Name>(.*)</Ext_Name>}{regexp:OS_User,ftype=osuser;refName=Message,<OS_User>(.*)</OS_User>}{regexp:User Host,ftype=hostname;refName=Message,<Userhost>(.*)</Userhost>}{regexp:OS Process,ftype=osprocess;refName=Message,<OS_Process>(.*)</OS_Process>}{regexp:Terminal,ftype=terminal;refName=Message,<Terminal>(.*)</Terminal>}{regexp:Instance Number,ftype=instancenumber;refName=Message,<Instance_Number>(.*)</Instance_Number>}{regexp:Object Schema,ftype=objectschema;refName=Message,<Object_Schema>(.*)</Object_Schema>}{regexp:Object Name,ftype=object;refName=Message,<Object_Name>(.*)</Object_Name>}{regexp:Action,ftype=action;refName=Message,<Action>(.*)</Action>}{regexp:Return Code ,ftype=status;refName=Message,<Returncode>(.*)</Returncode>}{regexp:SCN,ftype=scn;refName=Message,<Scn>(.*)</Scn>}{regexp:OSPrivilege,ftype=osprivilege;refName=Message,<OSPrivilege>(.*)</OSPrivilege>}{regexp:SesActions,ftype=sesaction;refName=Message,<SesActions>(.*)</SesActions>}{regexp:DB ID,ftype=dbid;refName=Message,<DBID>(.*)</DBID>}{regexp:SQL Text,ftype=sqltext;refName=Message,<Sql_Text>(.*)</Sql_Text>}{string:Message}</AuditRecord>
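
A pre-flight check for the audit file before it is added to XpoLog, as an added example (not part of the Oracle Server App or of XpoLog): it pulls out the elements the pattern above names and reports records whose timestamp does not fit the pattern's date format, or a file in which no record carries Sql_Text, which suggests the 'xml, extended' setting is not in effect. The function names, the Extended_Timestamp element name and the sample records are assumptions made for the illustration.

```python
import re

# Element names copied from the XpoLog pattern on this page, in its order.
PATTERN_TAGS = [
    "Audit_Type", "Session_Id", "StatementId", "EntryId", "DB_User", "Ext_Name",
    "OS_User", "Userhost", "OS_Process", "Terminal", "Instance_Number",
    "Object_Schema", "Object_Name", "Action", "Returncode", "Scn",
    "OSPrivilege", "SesActions", "DBID", "Sql_Text",
]
# Timestamp shape the pattern expects: yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}Z")
RECORD_RE = re.compile(r"<AuditRecord>(.*?)</AuditRecord>", re.S)

# Constructed sample, not real audit data; Extended_Timestamp is an assumed tag name.
SAMPLE = (
    "<Audit>\n"
    "<AuditRecord><Audit_Type>1</Audit_Type><Session_Id>4711</Session_Id>"
    "<Extended_Timestamp>2024-01-15T08:30:00.123456Z</Extended_Timestamp>"
    "<DB_User>APPUSER</DB_User><Userhost>db01</Userhost>"
    "<Action>100</Action><Returncode>1017</Returncode></AuditRecord>\n"
    "<AuditRecord><Audit_Type>1</Audit_Type><Session_Id>4712</Session_Id>"
    "<Extended_Timestamp>2024-01-15T08:31:10.000001Z</Extended_Timestamp>"
    "<DB_User>APPUSER</DB_User><Object_Name>EMPLOYEES</Object_Name>"
    "<Action>3</Action><Returncode>0</Returncode>"
    "<Sql_Text>select * from hr.employees</Sql_Text></AuditRecord>\n"
    "</Audit>\n"
)

def parse_records(text):
    """Split audit XML into records and extract each element the pattern names."""
    records = []
    for body in RECORD_RE.findall(text):
        rec = {}
        for tag in PATTERN_TAGS:
            m = re.search(rf"<{tag}>(.*?)</{tag}>", body, re.S)
            if m:
                rec[tag] = m.group(1).strip()
        ts = TS_RE.search(body)
        rec["timestamp"] = ts.group(0) if ts else None
        records.append(rec)
    return records

def preflight(records):
    """Return problems that would leave XpoLog columns undated or empty."""
    if not records:
        return ["no <AuditRecord> elements found"]
    problems = [f"record {i}: no timestamp in the expected format"
                for i, rec in enumerate(records) if rec["timestamp"] is None]
    if not any("Sql_Text" in rec for rec in records):
        problems.append("no record has Sql_Text; is the audit trail 'xml, extended'?")
    return problems
```

Calling preflight(parse_records(open(path).read())) on a file from the audit_file_dest directory returns an empty list when every record is dated in the expected format and at least one record includes SQL text.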