Nikolaidis Fotis

Asked: 2012-04-18 04:22:23 +0800 CST2012-04-18 04:22:23 +0800 CST 2012-04-18 04:22:23 +0800 CST

Ossec fields to Oracle DB

I would like some recommendations for the following problem. I use Ossec for log analysis. What I want, is after extracting the fields to save them in an Oracle database.

For example, if I have this line

IP:(\d+.\d+.\d+.\d+)@(\w+): (forcefield \w+); (.*)

I want $1 go to Ip tables, $2 to host, $3 to msg ... etc

For the moment I am considering to execute a script when I have a match, but I looking for a better approach if possible.

cheers

1 Answers

Voted

b0ti
2012-04-18T14:22:58+08:002012-04-18T14:22:58+08:00
I'm not sure how this is possible within ossec, but you can do it with nxlog (disclaimer: I'm affiliated with the project). It can write the fields to database using the om_dbi module.
1

Ossec fields to Oracle DB

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?