...
Oracle Configuration collects client configuration information and uploads it to the Oracle repository. When client configuration data is uploaded regularly, customer support representatives can analyze this data and provide better customer service.
We are providing the steps to integrate your Oracle with Seceon SIEM so that you can have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). This document guides you through the steps for log forwarding.
Pre-Requisite
Note: SELinux must be disabled; otherwise rsyslog will be denied access to the Oracle logs.
...
Steps Of Configuration
...
1. Open the /etc/selinux/config file and set the SELINUX mode to disabled:
...
Log in to the Oracle server as root.
Run the command: vi /etc/rsyslog.conf
Add the lines as below:
```
$ModLoad imfile
$InputFileName rdbms\orcl\orcl\trace
$InputFileTag oracle_logs
$InputFileStateFile state-oracle-access
$InputRunFileMonitor
```
After adding, configure CCE-IP at the end of file:
```
# ### end of the forwarding rule ###
```
In place of CCE-IP, put your actual CCE IP address.
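A lint for the edited /etc/rsyslog.conf, added here as an example (it is not Seceon's or Oracle's tooling). It assumes the forwarding rule uses rsyslog's `@host:514` (UDP) or `@@host:514` (TCP) action syntax, which this page does not show; `first_line` and `check_oracle_forwarding` are hypothetical names, and 192.0.2.10 is a constructed CCE address.

```shell
#!/bin/sh
# Added example (not Seceon's tooling): lint rsyslog.conf for the Oracle input.
# Assumption: the forwarding rule uses rsyslog's "@host:port" (UDP) or
# "@@host:port" (TCP) action syntax on port 514; the page does not show it.
# Usage: sh lint.sh /etc/rsyslog.conf 192.0.2.10   (constructed CCE address)

# first_line PATTERN: line number of the first active line matching PATTERN.
first_line() { printf '%s\n' "$active" | grep -nE -- "$1" | head -n 1 | cut -d: -f1; }

# check_oracle_forwarding CONF CCE_IP: print each problem; return 1 if any.
check_oracle_forwarding() {
    conf=$1; cce_ip=$2; rc=0
    # Ignore comments and blank lines so commented-out directives do not count.
    active=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$conf")

    run_line=$(first_line '^[[:space:]]*[$]InputRunFileMonitor')
    [ -n "$run_line" ] || { echo "missing: \$InputRunFileMonitor"; rc=1; }
    [ -n "$(first_line '^[[:space:]]*[$]ModLoad[[:space:]]+imfile')" ] ||
        { echo "missing: \$ModLoad imfile"; rc=1; }

    # Legacy imfile applies the settings seen so far when $InputRunFileMonitor
    # runs, so every per-file directive has to appear before it.
    for name in InputFileName InputFileTag InputFileStateFile; do
        n=$(first_line '^[[:space:]]*[$]'"$name"'[[:space:]]+[^[:space:]]')
        if [ -z "$n" ]; then
            echo "missing: \$$name"; rc=1
        elif [ -n "$run_line" ] && [ "$n" -gt "$run_line" ]; then
            echo "misordered: \$$name is after \$InputRunFileMonitor"; rc=1
        fi
    done

    # A forwarding action must target the real CCE address on port 514,
    # so a leftover placeholder such as CCE-IP is reported as well.
    ip_re=$(printf '%s' "$cce_ip" | sed 's/[.]/[.]/g')
    [ -n "$(first_line "@@?${ip_re}:514[[:space:]]*\$")" ] ||
        { echo "no forwarding rule to ${cce_ip}:514"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_oracle_forwarding "$1" "$2"; fi
```

No output and exit status 0 mean the input block is complete, correctly ordered, and forwarding to the address you passed.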
Verification
STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
Verification through CCE server
Log in to the server as the seceon user and run the command below:
sudo tcpdump -i any -A port 514 and host <IP address>