mark_h
1st September 2022, 03:32
Does anybody use this Splunk Software with 4c4? As far as I can tell this tool wants SQL queries to read log file tables in our Oracle database. As far as I know all our log files are basically in $BSE/log. They want us to monitor for privileged activity - like changing parameters, system setup or changes. I know we could audit some tools tables - but again the activity goes out to a file on the Unix system - and I really do not want to turn that on for more tables.
mark_h
7th September 2022, 22:03
Well, Infor said 4c4 was not supported and we can try it on our own. I think they use queries to reach in and pull log information from tables - not sure I see a way to easily do that.
OmeLuuk
20th September 2022, 10:13
"... wants sql queries to read log file tables ..."
I suppose they are talking about transaction logs within the database? There you could retrieve all database transactions and monitor selected tables. IMHO, with knowledge of auditing, ttaad4100 log and 4c4/LN I would say: use the available tools. Downside is that backdoor changes (within Oracle) cannot be monitored.
mark_h
20th September 2022, 15:04
Well, the DBAs have back door access covered. If I logged into the database using PL/SQL using like BSP oracle they would know it and track it. Then one of my managers would have to say it is okay. With Splunk they are looking for me to write a query and put it in Splunk. Assuming I got this right - this query would pull across records like - last login attempt, invalid logins, anything a privileged account changed on application setup or users. Things like that.
So I could turn on table logging for like baan users, I could write a session that would run and read the audit file and pull certain things into a table. But all of that is overkill in my mind for a 90% read-only system - we still have 2 more years to process 2017, 2018 via Billable cost reports. Once that is done I have a feeling Baan itself would disappear and all the records would move to a warehouse.