Description
Hello everyone,
Hope you're doing good.
I am unable to fetch proper Oracle 19c database logs to the Wazuh server. The logs are fetched from the database, which is hosted on an AIX server, with the JDBC protocol. The custom decoders and rules are also set and tested. The main queries that are executed by my DB team are still not shown on Wazuh. I have set the Wazuh agent ossec.conf on AIX as follows:
<localfile>
  <log_format>syslog</log_format>
  <location>/var/ossec/logs/active_responses.log</location>
</localfile>
While I have set the following configuration in agent.conf in the endpoint groups of Wazuh through the browser:
<agent_config>
  <localfile>
    <log_format>multi-line-regex</log_format>
    <location>/path/to/database/logs/*.xml</location>
    <multiline_regex replace="wspace">^Traceback</multiline_regex>
  </localfile>
</agent_config>
Following are some of the repetitive logs I am receiving rather than the actual queries that are executed.
<Sql_Text>select value from v$sesstat where sid = :sid order by statistic# </Sql_Text>
<Sql_Text>select col.*, com.Comments from sys.all_tab_columns col, sys.all_col_comments com where col.owner = :owner and col.table_name = :table_name and com.Owner (+) = :Owner and com.Table_Name (+) = :table_name and com.Column_Name (+) = col.Column_Name order by col.column_id </Sql_Text>
<Sql_Text>ALTER DATABASE MOUNT</Sql_Text>
Please help me out in this case.
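
Added example, not part of the original issue and not Wazuh's own code: a simplified Python model of start-anchored multi-line grouping with whitespace replacement, run over a constructed audit file, comparing the `^Traceback` pattern from the configuration above with a hypothetical `^<AuditRecord>` pattern. The `<AuditRecord>` wrapper, the `<DB_User>` field, the `update` statement, and the function names are assumptions; only `<Sql_Text>` and the first two queries appear on the page.

```python
import re

# Constructed sample in the style of an XML audit file (not real log data).
# <AuditRecord> and <DB_User> are assumed element names for illustration.
SAMPLE = """\
<AuditRecord><DB_User>SYS</DB_User>
<Sql_Text>ALTER DATABASE MOUNT</Sql_Text>
</AuditRecord>
<AuditRecord><DB_User>APP</DB_User>
<Sql_Text>select value from v$sesstat
 where sid = :sid order by statistic# </Sql_Text>
</AuditRecord>
<AuditRecord><DB_User>HR_ADMIN</DB_User>
<Sql_Text>update hr.salaries set amount = :amt where emp_id = :id</Sql_Text>
</AuditRecord>
"""


def group_events(text, start_pattern):
    """Group lines into events: a line matching start_pattern opens a new
    event, and the lines of one event are joined with spaces.
    Returns (number of lines that matched the pattern, list of events)."""
    start = re.compile(start_pattern)
    events, current, starts = [], [], 0
    for line in text.splitlines():
        if start.search(line):
            starts += 1
            if current:                      # close the previous event
                events.append(" ".join(current))
            current = []
        current.append(line)
    if current:                              # flush whatever is left over
        events.append(" ".join(current))
    return starts, events


def sql_texts(events):
    """Extract whitespace-normalized <Sql_Text> bodies from grouped events."""
    found = []
    for event in events:
        for body in re.findall(r"<Sql_Text>(.*?)</Sql_Text>", event):
            found.append(" ".join(body.split()))
    return found


if __name__ == "__main__":
    for pattern in (r"^Traceback", r"^<AuditRecord>"):
        starts, events = group_events(SAMPLE, pattern)
        print(f"{pattern!r}: {starts} start matches, {len(events)} event(s)")
```

In this model no line of the sample ever matches `^Traceback`, so record boundaries are never detected, while the record-anchored pattern yields one event per audit record with exactly one `<Sql_Text>` each.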