[rsyslog] rsyslog local6 DB logging & forwarding
denis.dolinsky at gmail.com
Thu Jan 19 11:44:00 CET 2017
I have the following config in place:
Linux server + Oracle DB
AUDIT_TRAIL = OS
AUDIT_SYS_OPERATIONS = TRUE
OS - rsyslog is forwarding the logs:
*.* @IP address of collector
but in the collector (SIEM) I can see only OS logs, no DB logs.
Does anybody have any idea where I might have done something wrong?
I am using the default rsyslog.conf (meaning I did not change anything there).
When I change DB logging to local5, it works, but
unfortunately I cannot use local5 for both OS & DB logging, so I have to
split/divert DB logging to local6.
With *.* forwarding, I thought that everything was forwarded to the SIEM;
apparently I am wrong.
Thanks a lot in advance!
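
Added example (not part of the original message, and not rsyslog's own code): a small evaluator for the legacy facility.priority selector syntax, run over a constructed rsyslog.conf, to check whether a rule such as *.* accepts a local6 message. The sample configuration, the 192.0.2.x collector addresses and the function names are assumptions made for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample, not the poster's file; 192.0.2.x are documentation addresses.
SAMPLE_CONF = """\
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
local7.*                                    /var/log/boot.log
*.*                                         @192.0.2.10
*.*;local6.none                             @@192.0.2.11:514
"""


def selector_matches(selector, facility, severity):
    """Evaluate a legacy 'facility.priority[;...]' selector for one message."""
    sev = SEVERITIES.index(severity)          # 0 = emerg ... 7 = debug
    matched = False
    for part in selector.split(";"):          # later parts override earlier ones
        facs, _, prio = part.rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        negate = prio.startswith("!")         # '!' excludes instead of includes
        prio = prio.lstrip("!")
        if prio == "none":                    # 'none' drops the facility entirely
            matched = False
            continue
        if prio == "*":
            hit = True
        elif prio.startswith("="):            # '=p' means exactly p
            hit = sev == SEVERITIES.index(prio[1:])
        else:                                 # plain 'p' means p and more severe
            hit = sev <= SEVERITIES.index(prio)
        if hit:
            matched = not negate
    return matched


def actions_for(conf_text, facility, severity):
    """Return the action of every rule whose selector accepts the message."""
    hits = []
    for line in conf_text.splitlines():
        # Comments and $directives do not match the selector character class.
        m = re.match(r"^([\w*,;.!=]+)\s+(\S.*)$", line.strip())
        if m and "." in m.group(1) and selector_matches(m.group(1), facility, severity):
            hits.append(m.group(2).strip())
    return hits
```

Actions beginning with @ are UDP forwards and @@ are TCP forwards. If the selector accepts local6 and the collector still shows nothing, sending a test message with logger -p local6.info shows whether messages on that facility reach the local rsyslog at all.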