Ossec fields to Oracle DB

Question

I would like some recommendations for the following problem. I use Ossec for log analysis. What I want, is after extracting the fields to save them in an Oracle database.

For example, if I have this line

IP:(\d+.\d+.\d+.\d+)@(\w+): (forcefield \w+); (.*)

I want $1 go to Ip tables, $2 to host, $3 to msg ... etc

For the moment I am considering to execute a script when I have a match, but I looking for a better approach if possible.

cheers

This seems a good way to me tbh – Lucas Kauffman Apr 17 '12 at 12:58 — Lucas Kauffman, Apr 17 '12 at 12:58

score 1 · Answer 1 · answered Apr 17 '12 at 22:22

1

I'm not sure how this is possible within ossec, but you can do it with nxlog (disclaimer: I'm affiliated with the project). It can write the fields to database using the om_dbi module.

answered Apr 17 '12 at 22:22

b0ti

986
1
6
13

Ossec fields to Oracle DB

1 Answers1