2017-01-19 11:44 GMT+01:00 Denis Dolinský via rsyslog <[email protected]>:
> Hi guys,
>
> I have following config in place:
>
> Linux server + Oracle DB
> Oracle logging:
>
> AUDIT_TRAIL = OS
> AUDIT_SYSLOG_LEVEL=local6.warning
> AUDIT_SYS_OPERATIONS = TRUE
>
> OS - rsyslog is forwarding the logs:
>
> *.* @IP address of collector
>
> but in collector (SIEM) I can see only OS logs, no DB logs.
>
> Does anybody have any idea where I might did something wrong ?
>
> I am using default rsyslog.conf (means I did not change there anything)

The default is depending on OS and version, so we do not really know yet what you have.

> When I will change DB logging to local5, it will be working, but
> unfortunately I cannot use local5 for both OS & DB logging, so I have to
> split/divert DB logging to local6.
>
> With *.* forwarding, I thought that everything is forwarded to SIEM,
> apparently I am wrong.

Your expectation is right. I guess that the config either discards messages before it reaches this point, Oracle does not log or something (journal?) might be in the way of getting this to work.

In other words, we need a more precise description of what you actually have.

Rainer

> Thanks a lot in advance !
>
> Denis
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
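The first possibility raised in the reply above, a rule that discards messages before the `*.*` forwarder is reached, can be checked offline. This is an added example, not code from the thread or from the rsyslog project. It walks a legacy-format rule set in order and lists which actions a given facility/severity reaches. The sample config is constructed, the function names are hypothetical, and only plain `facility.priority` selectors (`*`, `none`, `=name`, `name`) with `&` chaining are handled.

```python
SEV = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
       "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

def selector_matches(selector, facility, severity):
    """Evaluate a legacy 'fac.pri;fac.pri' selector for one message."""
    matched = False
    for part in selector.split(";"):
        facs, _, pri = part.strip().partition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        if pri == "none":
            matched = False                  # a later 'none' removes the facility
        elif pri == "*":
            matched = True
        elif pri.startswith("="):            # exactly this severity
            matched = matched or SEV[pri[1:]] == SEV[severity]
        else:                                # this severity or more severe
            matched = matched or SEV[severity] <= SEV[pri]
    return matched

def trace(conf, facility, severity):
    """Return the actions a message reaches, in order, up to a discard."""
    reached, prev_hit = [], False
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) < 2 or fields[0].startswith("$"):
            continue                         # blank, comment or $Directive line
        if fields[0] == "&":                 # '&' chains onto the previous selector
            hit = prev_hit
        else:
            hit = prev_hit = selector_matches(fields[0], facility, severity)
        action = fields[1].strip()
        if hit:
            reached.append(action)
            if action in ("~", "stop"):      # discard: later rules never see it
                break
    return reached

def is_forwarded(conf, facility, severity):
    return any(a.startswith("@") for a in trace(conf, facility, severity))

# Constructed sample, NOT the poster's rsyslog.conf; 192.0.2.10 is a placeholder.
SAMPLE_CONF = """
*.info;mail.none;authpriv.none   /var/log/messages
local6.*                         /var/log/oracle_audit.log
& ~
*.*                              @192.0.2.10
"""
```

With this constructed rule set, `trace(SAMPLE_CONF, "local6", "warning")` ends at the discard, while a `local5` message reaches the forwarder, the same local5-works, local6-does-not pattern reported in the thread.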

