Ossec and Oracle Logs

[charle...@decisivedge.com]

Hello

Has anyone written a rule and decorder for an oracle DB. I know that OSSEC and inject the logs but it seems that OSSEC does not know how to interpret them. Can any help me with this or even point me to a source. Is there anything that I need to do on the DB side ? 

Thanks

Chuck

[Bill Price]

Hey Chuck,

  I have not actually tried to decode any Oracle logs.  But have you used the ossec-logtest utility?  I have used it to debug several application logging issue.  You can pipe entire logs into it to see how ossec handles it.  But for me, I start off simple.  Start ossec-logtest, then paste a single log entry into it.  It will show you output from each step.  Let me know if this helps

Bill