Oracle Audit Add-on for Graylog

Oracle Audit Add-on for Graylog

@akaraulli

View on Github
Open Issues
Stargazers

Oracle Audit Add-on for Graylog integrates Oracle database unified audit with Graylog

  1. Architecture and Overview

| Oracle Database → Oracle Audit Add-on for Graylog | → | Graylog GELF TCP Input → Graylog |

Oracle Audit Add-on for Graylog is an Oracle software package that performs delivery of Oracle unified audit events to Graylog SIEM system. The delivery is performed via TCP protocol. An Oracle scheduler job invokes periodically the procedure that collects the latest events and delivers them in JSON format for Graylog GELF. On Graylog side a GELF TCP Input receives and ingests the Oracle unified audit events to Graylog repository.

  1. Prerequisites
  • Oracle Database 12c and later
  • Graylog version 3 and later
  • Graylog GELF TCP Input
  1. Setup

Oracle

  • Install the Add-on in the Oracle Database by executing SQL script Ora_Aud_GrayLog_01_00_00_Install.sql
  • Set the Graylog Server hostname/IP and port in table LMS_SRV, respectively in fields lms_host and lms_port
  • Grant Network ACL privileges to Add-on schema owner for access to Graylog host using SQL commands in file ACL.txt
  • Start the Oracle scheduler job LMS_GRAYLOG

Graylog

A GELF TCP Input must be up and running

For details please refer to User_Guide.txt

  1. DATAPLUS

Oracle database security software solutions and services

Web: https://www.dataplus-al.com

e-Mail: info@dataplus-al.com

Hello, thank you very much for this product, and I used it for 2 months, but I had to update ORACLE db from 19.12 to 19.15 and sending logs stopped working for me.

here is the error
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at “AUDORAGRAYLOG.ORACLE_GRAYLOG”, line 750 - RAISE;
ORA-06512: at “AUDORAGRAYLOG.ORACLE_GRAYLOG”, line 555 - v_GL_record :=
ORA-06512: at “AUDORAGRAYLOG.ORACLE_GRAYLOG”, line 555 - v_GL_record :=
ORA-06512: at line 1
could you help me to solve this problem

1 Like

Hello, @Nikolay ,

Thank you for your question. I’ve reached out directly to the developer for a response. He may respond directly, or I will post his response here.

In the meanwhile, community members are welcome to offer their advice, as always!

Hello, Dscryber
Thank you very much for your feedback, I will be very much looking forward to your response, for me it is very critical for the information security of our environment.
I have attached screenshots of where the error occurs



1 Like

Hi

did answer about this at Github

regards
Altin

2 Likes

Thanks, @altink , for your responding to this inquiry