John, probably the easiest I can think of would be an RMAN backup of the archive logs (it can do that), which stores the stuff (encrypted) in the tape library. If you then limit who has access to the tape library (and you should already have done that), then you should be OK with compliance. Now, can it ALWAYS be run as soon as a file lands ? Well, you'd have to poll for the new files, and that would mean running the RMAN archive log backup more often, but is every 5 minutes enough???
I don't know of a way to have the event triggered (maybe there is a way of putting a trigger on a system table...) but if they could give you a guideline of how long can a file be there before it must be moved, and then have your backup interval tighter than that...
Let's say you don't go the RMAN route, and decide to do it "by hand". Keep in mind that if you write some sort of a script that watches the directory to see if new files show up, you'll have to make sure that the file is finished being written to before trying to pick it up and move it. How would you know that it's finished?
A) You could wait until it is the "standard size" of the archive log files. Bzzzt wrong - archive log files can often be smaller than their standard size. Checkpoints, switchlogs, shutdowns, etc. can alter the standard size dramatically.
B) You could wait until another file shows up and assume that the prior file is finished. Bzzzt, that's not necessarily true either. At peak loads, you could be writing multiple of them at a time, finishing some later files before the first ones are done. It's rare (and indicates you need to do some archive log tuning), but possible, I've seen it myself.
C) You could wait until 20 files are written and assume that the last ones are finished. That's probably true, but BZZZT, that violates what you're trying to do - you can't leave 20 files out there w/o tending to them.
D) You could write a script to query from oracle what archive log files are out there, and whether or not they finished with, and have the result of this be used to create a UNIX script that something else can come along and run to move it out. I've done something similar to this (before RMAN), but the best precision you can get is 1 minute from cron, and even then, that's if you don't have files to copy. If you're already copying files, and plenty more files show up while copying... then that puts you behind.
E) Or, hey - I just thought of this - but when an archive file is completed being shifted out to disk - it's written in the Oracle database alert log.
You could write a program to watch that alert log, and if you see:
ARC1: Beginning to archive log 4 thread 1 sequence 32340
Creating archive destination LOG_ARCHIVE_DEST: '/path/to/arch/logs/filename.log'
Then you know a write started,
and keep in looking in the file for:
ARC1: Completed archiving log 4 thread 1 sequence 32340
When you see a sequence with the same number do a "Begin" and then a "Completed" entry in the alert log, you can go ahead with your copy/move/protect operation.
Those are some ideas to think about, but the critical question becomes how long of a period do you have to get those files moved out? The answer to that question tells you something of your approach and methodology.
We are the people our parents warned us about --Jimmy Buffett
