Hey Chuck,

I have not actually tried to decode any Oracle logs. But have you used the ossec-logtest utility? I have used it to debug several application logging issues. You can pipe entire logs into it to see how OSSEC handles them. But for me, I start off simple: start ossec-logtest, then paste a single log entry into it. It will show you output from each step.

Let me know if this helps.

Bill

On Monday, February 5, 2018 at 4:10:16 PM UTC-5, charle...@decisivedge.com wrote:
>
> Hello
>
> Has anyone written a rule and decoder for an Oracle DB? I know that OSSEC
> can inject the logs but it seems that OSSEC does not know how to interpret
> them. Can anyone help me with this or even point me to a source? Is there
> anything that I need to do on the DB side?
>
> Thanks
> Chuck