[rsyslog-notify] Forum Thread: Re: Host information is missing while sending Oracle DB logs - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue Nov 17 05:10:59 CET 2015
User: antonb
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26157#p26157
Message:
----------
[b:24d2bxtw]rgerhards[/b:24d2bxtw]
Actually I get much more information, I just did cut some unnecessary
(in my opinion) information. Here is an example of full output message
[code:24d2bxtw]Debug line with all properties:
FROMHOST: '1.1.1.1', fromhost-ip:
'1.1.1.1', HOSTNAME: 'Oracle', PRI: 140,
syslogtag 'Audit[20904]:', programname: 'Audit',
APP-NAME: 'Audit', PROCID: '20904', MSGID: '-',
TIMESTAMP: 'Nov 17 09:06:57', STRUCTURED-DATA: '-',
msg: ' LENGTH: "222" SESSIONID:[6] "785490"
ENTRYID:[1] "1" USERID:[3] "CAP"
ACTION:[3] "101" RETURNCODE:[1] "0"
LOGOFF$PREAD:[1] "0" LOGOFF$LREAD:[3] "134"
LOGOFF$LWRITE:[2]
"16" LOGOFF$DEAD:[1] "0" DBID:[10] "2834441098"
SESSIONCPU:[1] "1"'
escaped msg: ' LENGTH: "222" SESSIONID:[6] "785490"
ENTRYID:[1] "1" USERID:[3] "CAP"
ACTION:[3] "101" RETURNCODE:[1] "0"
LOGOFF$PREAD:[1] "0" LOGOFF$LREAD:[3] "134"
LOGOFF$LWRITE:[2] "16" LOGOFF$DEAD:[1] "0"
DBID:[10] "2834441098" SESSIONCPU:[1] "1"'
inputname: imudp rawmsg: '<140>Nov 17 09:06:57 Oracle
Audit[20904]: LENGTH: "222" SESSIONID:[6]
"785490" ENTRYID:[1] "1" USERID:[3] "CAP"
ACTION:[3] "101" RETURNCODE:[1] "0"
LOGOFF$PREAD:[1] "0" LOGOFF$LREAD:[3] "134"
LOGOFF$LWRITE:[2] "16" LOGOFF$DEAD:[1] "0"
DBID:[10] "2834441098" SESSIONCPU:[1] "1"'
[/code:24d2bxtw]
[b:24d2bxtw]dlang[/b:24d2bxtw]
I was able to send Oracle logs to syslog by setting option
audit_syslog_level in Oracle DB equal to facility.message template
(local1.warning
in my case).
More information about the rsyslog-notify
mailing list