Oracle Audit Add-on for Graylog is an Oracle software package that performs delivery of Oracle unified audit events to Graylog SIEM system. The delivery is performed via TCP protocol. An Oracle scheduler job invokes periodically the procedure that collects the latest events and delivers them in JSON format for Graylog GELF. On Graylog side a GELF TCP Input receives and ingests the Oracle unified audit events to Graylog repository.
Prerequisites
Oracle Database 12c and later
Graylog version 3 and later
Graylog GELF TCP Input
Setup
Oracle
Install the Add-on in the Oracle Database by executing SQL script Ora_Aud_GrayLog_01_00_00_Install.sql
Set the Graylog Server hostname/IP and port in table LMS_SRV, respectively in fields lms_host and lms_port
Grant Network ACL privileges to Add-on schema owner for access to Graylog host using SQL commands in file ACL.txt
Start the Oracle scheduler job LMS_GRAYLOG
Graylog
A GELF TCP Input must be up and running
For details please refer to User_Guide.txt
DATAPLUS
Oracle database security software solutions and services
Hello, thank you very much for this product, and I used it for 2 months, but I had to update ORACLE db from 19.12 to 19.15 and sending logs stopped working for me.
here is the error
ORA-06502: PL/SQL: numeric or value error
ORA-06512: at “AUDORAGRAYLOG.ORACLE_GRAYLOG”, line 750 - RAISE;
ORA-06512: at “AUDORAGRAYLOG.ORACLE_GRAYLOG”, line 555 - v_GL_record :=
ORA-06512: at “AUDORAGRAYLOG.ORACLE_GRAYLOG”, line 555 - v_GL_record :=
ORA-06512: at line 1
could you help me to solve this problem
Hello, Dscryber
Thank you very much for your feedback, I will be very much looking forward to your response, for me it is very critical for the information security of our environment.
I have attached screenshots of where the error occurs
I couldn’t install this. Is there a resource regarding the installation of this plugin? I need to resolve this issue. Thank you in advance for your help.