I am trying to forward Oracle DB audit logs that are written out as xml files. Each transaction writes a separate xml file and there are a lot of them. Is there a way to get this data into NLS? I have tried several times with a rsyslog config. Here is an example of what I tried.
ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog
# Input for FILE_PATH
$InputFileName /oraaudit/*.xml
$InputFileTag OracleDB_Audit:
$InputFileStateFile nls-state-EPOP01 # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Logserver and then discard.
if $programname == 'OracleDB_Audit' then @@nlsserver:5544
if $programname == 'OracleDB_Audit' then ~
I have tried to change the InputFileName with different iterations. The files start out with this DBOP011_ora_ and have a timestamp followed by .xml. So I tried to set the file name to DBOP011_ora_*
I am wondering if sending xml data may not be possible. Any help would be greatly appreciated.
I made the changes, but I am still not getting the data in the xml files being forwarded. Before making the changes, I was getting data from syslog as well as other types of log files, such as Weblogic sent to NLS. Is there anything I need to set up to deal with xml files?
Can you send in a ticket to [email protected] for this? I would like to do a remote session to look at this. Unfortunately, I do not have any time slots available for the rest of the day. Let me know if this is not an option that works for you.
