Mailing List Archive

Processing SQL audit messages
There are some applications which write audit logs to an SQL database only.
It might be interesting to process them with rsyslog for distribution to a
SIEM and/or archiving.

Does anybody work on a similar use case?
Do you think an input alternative to omlibdbi will make sense?

--
Peter
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Processing SQL audit messages
om indicates an output module, so it would not be useful for fetching logs.

I haven't heard of anyone fetching logs from inside a database. I would probably
write a Perl/Python program that fetched the logs and then fed them to rsyslog
(ideally in a JSON format if they are structured in the database).

David Lang
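
The approach suggested in this reply, sketched as an added example (not code from the thread or from the rsyslog project): poll the audit table past a high-water mark with a parameterized query, render each row as one RFC 5424 line carrying an `@cee:` JSON payload, and hand the lines to a local rsyslog. SQLite stands in for the application database; the table and column names, the `dbhost`/`sqlaudit` header fields, and an rsyslog UDP listener on 127.0.0.1:514 are assumptions.

```python
import json
import socket
import sqlite3

# RFC 5424 PRI = facility * 8 + severity; 13 = log audit, 6 = informational.
PRI = 13 * 8 + 6

def to_rfc5424(row, host="dbhost", app="sqlaudit"):
    """Render one audit row as a single RFC 5424 line with a @cee: JSON body."""
    rec_id, ts, user, action = row
    # json.dumps escapes newlines and control characters, so a value stored in
    # the database cannot break out of its line and forge a second log record.
    body = json.dumps({"id": rec_id, "user": user, "action": action}, sort_keys=True)
    return f"<{PRI}>1 {ts} {host} {app} - - - @cee:{body}"

def fetch_new(conn, last_id):
    """Return (lines, new_last_id) for rows with id > last_id, in id order."""
    rows = conn.execute(
        "SELECT id, ts, username, action FROM audit_log WHERE id > ? ORDER BY id",
        (last_id,),
    ).fetchall()
    # Persist the returned mark (file or state table) only after a successful
    # send, so a crash re-sends rows instead of silently skipping them.
    return [to_rfc5424(r) for r in rows], (rows[-1][0] if rows else last_id)

def send_udp(lines, addr=("127.0.0.1", 514)):
    """Forward lines to a local rsyslog UDP input (assumed to be listening)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), addr)

def demo():
    """Run two polls against a constructed in-memory audit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit_log (id INTEGER PRIMARY KEY, ts TEXT, "
                 "username TEXT, action TEXT)")
    conn.executemany(
        "INSERT INTO audit_log (ts, username, action) VALUES (?, ?, ?)",
        [("2019-08-30T06:41:00Z", "alice", "LOGIN"),
         # Constructed row with an embedded newline and a fake syslog header.
         ("2019-08-30T06:42:10Z", "bob", "DELETE order 17\n<110>1 forged")],
    )
    first, mark = fetch_new(conn, 0)
    second, mark2 = fetch_new(conn, mark)   # nothing new: mark is unchanged
    return first, mark, second, mark2

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

On the rsyslog side, the `@cee:` cookie is what the mmjsonparse module looks for when turning the payload into structured properties.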
Re: Processing SQL audit messages
We use Logstash for that purpose as it has the ability to query an SQL
database via plugin. Logstash retrieves the data, adds the RFC5424
header, and sends to an instance of rsyslog on the same host.

Regards,


On 8/29/19 11:41 PM, Peter Viskup via rsyslog wrote:
> There are some applications which write audit logs to an SQL database only.
> It might be interesting to process them with rsyslog for distribution to a
> SIEM and/or archiving.
>
> Does anybody work on a similar use case?
> Do you think an input alternative to omlibdbi will make sense?
>
