Whilst looking into writing some of my presentations for the UKOUG conference recently in Birmingham I came across a very good three part paper by Arup Nanda titled "Mining Information from the Listener Log - Part 1"
that is worth reading. Whilst it is not specifically about security, it does cover security. The paper is great as it uses a simple concept to gather information from the listener that can then be cross referenced easily with other data in the database. This is of course using an external table. Be aware that if you use these techniques to secure the RBAC to the file itself. Access to key logging data from within the database can be a security issue itself as an attacker may use this detail to assess how they may be tracked.