This article covers how to configure syslog forwarding of Oracle database logs with NXLog.
Configuring syslog on Oracle DB with NXLog
A. Download and install NXLog Community Edition on the VM from which you want to collect the Oracle DB logs.
B. Below is an example NXLog configuration for collecting Oracle DB logs and forwarding them to Chronicle.
=================================================
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files\nxlog
# Replace <Forwarder IP> with the address of the Chronicle forwarder.
define ORCDB_OUTPUT_DESTINATION_ADDRESS <Forwarder IP>
define ORCDB_OUTPUT_DESTINATION_PORT 11622

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _json>
    Module xm_json
</Extension>

<Input oraclelogs>
    Module im_odbc
    # The ODBC driver is selected by the DSN, so im_odbc needs no Driver directive.
    # This string holds the database password in clear text: restrict read access
    # to nxlog.conf to the NXLog service account and administrators.
    ConnectionString DSN=YourDSN;UID=YourUsername;PWD=YourPassword;
    # im_odbc takes the statement via the SQL directive. The column used to track
    # progress must be returned as "id" and compared against the "?" placeholder,
    # which NXLog fills with the last value it saw (no trailing semicolon for Oracle).
    SQL SELECT t.Timestamp AS id, t.* FROM YourOracleLogTable t WHERE t.Timestamp > ?
    IdType timestamp
    <Exec>
        # Every column becomes a field; $id carries the row's Timestamp column.
        $EventTime = $id;
        # im_odbc does not set $raw_event, so serialize the row for the syslog output.
        $raw_event = to_json();
    </Exec>
</Input>

<Output syslog>
    Module om_tcp
    Host %ORCDB_OUTPUT_DESTINATION_ADDRESS%
    Port %ORCDB_OUTPUT_DESTINATION_PORT%
    Exec to_syslog_bsd();
</Output>

<Route 1>
    Path oraclelogs => syslog
</Route>
=================================================
Note:
- Replace the placeholders with your actual values: YourDSN (the ODBC Data Source Name that points at the Oracle database), YourUsername, YourPassword, and YourOracleLogTable.
- Ensure you have the appropriate ODBC driver installed on the VM where NXLog is running. This driver allows NXLog to connect to the Oracle database.
- Make sure that the Oracle database is set up to allow remote connections and that the user specified in the configuration file has the necessary permissions to execute the query.
Checking log status in Chronicle
- Once the configuration is complete, validate the logs in Chronicle by searching for the log source types being ingested, using a regular expression such as (".*") or a specific hostname. A screenshot is shown below for reference.
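Before looking for the source in Chronicle, the prerequisites from the notes above (ODBC DSN, running service, reachable forwarder, clean nxlog.log) can be checked locally. The following PowerShell pre-flight script is an added example, not part of the original article; it assumes the DSN name YourDSN, the forwarder placeholder and port 11622 from the configuration above, and the default NXLog install path, and its parameter names are hypothetical.

```powershell
# Added pre-flight check for the NXLog -> Chronicle pipeline (not from the article).
# Assumed values mirror the configuration above; adjust them to your environment.
param(
    [string]$DsnName       = 'YourDSN',          # DSN from ConnectionString
    [string]$ForwarderHost = '<Forwarder IP>',   # ORCDB_OUTPUT_DESTINATION_ADDRESS
    [int]$ForwarderPort    = 11622,              # ORCDB_OUTPUT_DESTINATION_PORT
    [string]$NxlogRoot     = 'C:\Program Files\nxlog'
)
$failed = $false

# 1. The DSN must be a *system* DSN; a user DSN is invisible to the nxlog service.
$dsn = Get-OdbcDsn -Name $DsnName -DsnType System -ErrorAction SilentlyContinue
if ($dsn) { "OK   system DSN '$DsnName' uses driver '$($dsn.DriverName)'" }
else { "FAIL system DSN '$DsnName' not found (check ODBC Data Sources, 64-bit)"; $failed = $true }

# 2. The nxlog Windows service must be running.
$svc = Get-Service -Name nxlog -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') { "OK   nxlog service is running" }
else { "FAIL nxlog service is not running"; $failed = $true }

# 3. TCP reachability of the Chronicle forwarder on the om_tcp port.
$tcp = Test-NetConnection -ComputerName $ForwarderHost -Port $ForwarderPort -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) { "OK   TCP ${ForwarderHost}:${ForwarderPort} reachable" }
else { "FAIL cannot reach ${ForwarderHost}:${ForwarderPort} (firewall, or forwarder not listening)"; $failed = $true }

# 4. Recent ODBC/SQL errors in nxlog.log (the LogFile set in the configuration).
$log = Join-Path $NxlogRoot 'data\nxlog.log'
if (Test-Path $log) {
    $errors = Get-Content $log -Tail 200 | Select-String -Pattern 'ERROR|ODBC|SQL'
    if ($errors) { "WARN recent error lines in nxlog.log:"; $errors | ForEach-Object { "     $_" } }
    else { "OK   no recent ERROR lines in nxlog.log" }
} else { "WARN $log not found (has nxlog started at least once?)" }

# 5. nxlog.conf holds the DB password in clear text: list who can read it so that
#    anything beyond SYSTEM, Administrators and the service account can be removed.
$conf = Join-Path $NxlogRoot 'conf\nxlog.conf'
if (Test-Path $conf) {
    $readers = (Get-Acl $conf).Access |
        Where-Object { $_.FileSystemRights -match 'Read' } |
        Select-Object -ExpandProperty IdentityReference
    "INFO principals with read access to nxlog.conf: $($readers -join ', ')"
}

if ($failed) { exit 1 }
```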