[rsyslog-notify] Forum Thread: Re: Host information is missing while sending Oracle DB logs - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Wed Nov 18 22:47:32 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26168#p26168
Message:
----------
what the HP-UX server is sending to rsyslog (according to the debug log you
quote above) is
<140>Nov 17 09:06:57 Oracle Audit[20904]: LENGTH: "222" SESSIONID:[6]
"785490" ENTRYID:[1] "1" USERID:[3] "CAP" ACTION:[3] "101" RETURNCODE:[1]
"0"
LOGOFF$PREAD:[1] "0" LOGOFF$LREAD:[3] "134" LOGOFF$LWRITE:[2] "16"
LOGOFF$DEAD:[1] "0" DBID:[10] "2834441098" SESSIONCPU:[1] "1"
this is a perfectly valid message with a hostname of 'Oracle' and a
programname of 'Audit'
if it's supposed to be a programname of 'Oracle Audit' with a missing
hostname, rsyslog has no way of detecting this.
what you could do is to detect if $hostname='Oracle' and if it is, log with
a different template that used %fromhost-ip% of %fromhost% instead of
%hostname% in the template.
Or you can look on the HU-UX box and see if you can fix it's formatting
problem.
More information about the rsyslog-notify
mailing list