You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am unable to fetch proper Oracle 19c database logs to Wazuh server. The logs that are fetched from database is hosted on AIX server with JDBC protocol. The custom decoders and rules are also set and tested. The main queries that are executed by my DB team are still not shown on Wazuh. I have set the Wazuh agent ossec.conf on AIX as follows;
syslog
/var/ossec/logs/active_responses.log
While I have set the following configuration on agent.conf in endpoint groups of wazuh through browser.
<agent_config>
Following are the some of the repetitive logs I am receving rather than the actual queries that are executed.
<Sql_Text>select value from v$sesstat where sid = :sid order by statistic# </Sql_Text>
<Sql_Text>select col.*, com.Comments from sys.all_tab_columns col, sys.all_col_comments com where col.owner = :owner and col.table_name = :table_name and com.Owner (+) = :Owner and com.Table_Name (+) = :table_name and com.Column_Name (+) = col.Column_Name order by col.column_id </Sql_Text>
<Sql_Text>ALTER DATABASE MOUNT</Sql_Text>
please help me out in this case.
The text was updated successfully, but these errors were encountered:
Hello everyone,
Hope you;re doing good.
I am unable to fetch proper Oracle 19c database logs to Wazuh server. The logs that are fetched from database is hosted on AIX server with JDBC protocol. The custom decoders and rules are also set and tested. The main queries that are executed by my DB team are still not shown on Wazuh. I have set the Wazuh agent ossec.conf on AIX as follows;
syslog /var/ossec/logs/active_responses.logWhile I have set the following configuration on agent.conf in endpoint groups of wazuh through browser.
<agent_config>
<log_format>multi-line-regex</log_format>
/path/to/database/logs/*.xml
<multiline_regex replace="wspace">^Traceback</multiline_regex>
</agent_config>
Following are the some of the repetitive logs I am receving rather than the actual queries that are executed.
<Sql_Text>select value from v$sesstat where sid = :sid order by statistic# </Sql_Text>
<Sql_Text>select col.*, com.Comments from sys.all_tab_columns col, sys.all_col_comments com where col.owner = :owner and col.table_name = :table_name and com.Owner (+) = :Owner and com.Table_Name (+) = :table_name and com.Column_Name (+) = col.Column_Name order by col.column_id </Sql_Text>
<Sql_Text>ALTER DATABASE MOUNT</Sql_Text>
please help me out in this case.
The text was updated successfully, but these errors were encountered: