[rsyslog] rsyslog local6 DB logging & forwarding

Denis Dolinský denis.dolinsky at gmail.com
Thu Jan 19 11:44:00 CET 2017


Hi guys,

I have the following config in place:

Linux server + Oracle DB
Oracle logging:

AUDIT_TRAIL = OS
AUDIT_SYSLOG_LEVEL=local6.warning
AUDIT_SYS_OPERATIONS = TRUE

OS - rsyslog is forwarding the logs:

*.*    @IP address of collector

but in the collector (SIEM) I can see only OS logs, no DB logs.

Does anybody have any idea where I might have done something wrong?

I am using the default rsyslog.conf (meaning I did not change anything there).
When I change DB logging to local5, it works, but
unfortunately I cannot use local5 for both OS & DB logging, so I have to
split/divert DB logging to local6.

With *.* forwarding, I thought that everything is forwarded to SIEM,
apparently I am wrong.

Thanks a lot in advance!

Denis
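
One way to check whether a local6.warning message actually reaches a `*.*` forwarding rule is to walk the legacy-format rules in order. This is an added example, not part of the original post and not rsyslog's own code. The function names, the sample rules and the 192.0.2.10 collector address are assumptions constructed for illustration; only plain selector lines, comments and `$` directives are handled.

```python
# Added example (not from the post): which legacy rsyslog rules see a message?
PRIOS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def selector_matches(selector, facility, prio):
    """Apply 'fac[,fac].[!][=]prio' parts left to right as add/remove operations."""
    matched = False
    for part in selector.split(";"):
        facs, spec = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                      # this part does not name our facility
        if spec == "none":
            matched = False               # 'none' excludes the facility
            continue
        negate, spec = spec.startswith("!"), spec.lstrip("!")
        exact, spec = spec.startswith("="), spec.lstrip("=")
        if spec == "*":
            covered = True
        else:
            want, have = PRIOS.index(spec), PRIOS.index(prio)
            covered = have == want if exact else have >= want
        if covered:
            matched = not negate          # '!' removes, otherwise adds
    return matched

def actions_reached(config, facility, prio):
    """Return the actions a message reaches; '~' or 'stop' ends processing."""
    reached, last_hit = [], False
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "$")):
            continue
        selector, action = line.split(None, 1)
        # '&' chains another action onto the previous selector's result
        hit = last_hit if selector == "&" else selector_matches(selector, facility, prio)
        if selector != "&":
            last_hit = hit
        if hit:
            if action in ("~", "stop"):
                break
            reached.append(action)
    return reached

# Constructed sample rules, NOT the poster's rsyslog.conf; the IP is a placeholder.
SAMPLE = """\
*.info;mail.none;authpriv.none;cron.none  /var/log/messages
local6.*   /var/log/oracle_audit.log
&  stop
*.*    @192.0.2.10
"""

if __name__ == "__main__":
    for fac in ("local5", "local6"):
        print(fac, actions_reached(SAMPLE, fac, "warning"))
```

If the forwarding action is missing from the result for local6 but present for local5, look for an earlier rule that discards or stops local6 messages; if it is present, the selector is not the problem and the check moves to whether the messages arrive in rsyslog at all.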

