Overview

Oracle Configuration collects client configuration information and uploads it to the Oracle repository. When client configuration data is uploaded regularly, customer support representatives can analyze it and provide better customer service.

This article gives the steps to integrate your Oracle server with the Seceon SIEM for comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine).

Prerequisite

Note: SELinux must be disabled; otherwise rsyslog will be denied access to the Oracle logs.

Steps Of Configuration

1. Open the /etc/selinux/config file and set the SELINUX mode to disabled:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

2. Save the file and reboot your CentOS or Rocky Linux system with:

    sudo shutdown -r now

3. Once the system boots up, verify the change with the sestatus command:

    sestatus

4. The output should look like this:

    SELinux status:                 disabled

RSyslog Setup

1. Log in to the Oracle server as root.
2. Open the rsyslog configuration file: vi /etc/rsyslog.conf
3. Add the lines below:

    $ModLoad imfile
    $InputFilePollInterval 1
    #### GLOBAL DIRECTIVES ####
    $InputFileName rdbms\orcl\orcl\trace
    $InputFileTag oracle_logs
    $InputFileStateFile state-oracle-access
    $InputRunFileMonitor

   Note: $InputFileName must identify the Oracle log file that rsyslog is to read; the imfile module expects the full absolute path of that file on the server. Keep $InputRunFileMonitor as the last line of the block, because it activates the $InputFileName, $InputFileTag and $InputFileStateFile settings above it.

4. After adding these lines, configure the CCE IP at the end of the file:

    *.* @CCE_IP:514
    # ### end of the forwarding rule ###

   In place of CCE_IP put your actual CCE IP address. A single @ forwards every message over UDP to port 514 on the CCE.
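As an added check that is not part of the article or of Seceon's tooling, the POSIX shell function below lints an rsyslog.conf for the edits above before rsyslog is restarted: it confirms imfile is loaded, that $InputFileName is an absolute path, that $InputRunFileMonitor follows the file directives, and that the CCE_IP placeholder was replaced. The log path and the 192.0.2.10 address in the sample configs are constructed placeholders, not values from the page.

```shell
#!/bin/sh
# Lint rsyslog.conf for the Oracle -> CCE forwarding setup before restarting rsyslog.
# Usage: check_oracle_forwarding /etc/rsyslog.conf ; returns 0 only if every check passes.
check_oracle_forwarding() {
    conf="$1"; rc=0
    # imfile must be loaded, otherwise the $InputFile* directives are ignored.
    grep -q '^\$ModLoad imfile' "$conf" || { echo "FAIL: \$ModLoad imfile missing"; rc=1; }
    # imfile needs the absolute path of the log file; a relative or backslash path never matches.
    path=$(awk '$1=="$InputFileName"{print $2; exit}' "$conf")
    case "$path" in
        /*) ;;
        *) printf 'FAIL: $InputFileName must be an absolute path, got "%s"\n' "$path"; rc=1 ;;
    esac
    # $InputRunFileMonitor applies the Name/Tag/StateFile directives above it, so it must come last.
    run=$(grep -n '^\$InputRunFileMonitor' "$conf" | head -n 1 | cut -d: -f1)
    last=$(grep -nE '^\$InputFile(Name|Tag|StateFile)' "$conf" | tail -n 1 | cut -d: -f1)
    [ -n "$run" ] && [ -n "$last" ] && [ "$run" -gt "$last" ] ||
        { echo "FAIL: \$InputRunFileMonitor missing or placed before the file directives"; rc=1; }
    # A forwarding rule must exist and the CCE_IP placeholder must have been replaced.
    target=$(awk '$1=="*.*" && $2 ~ /^@/ {print $2; exit}' "$conf")
    case "$target" in
        ""|*CCE_IP*) echo "FAIL: forwarding target missing or CCE_IP placeholder not replaced"; rc=1 ;;
    esac
    return $rc
}

tmp=${TMPDIR:-/tmp}/oracle-rsyslog-check.$$; mkdir -p "$tmp"
# Constructed sample: the article's directives with an assumed absolute log path and
# an example CCE address filled in (single @ forwards over UDP/514).
cat > "$tmp/good.conf" <<'EOF'
$ModLoad imfile
$InputFilePollInterval 1
$InputFileName /u01/app/oracle/diag/rdbms/orcl/orcl/trace/alert_orcl.log
$InputFileTag oracle_logs
$InputFileStateFile state-oracle-access
$InputRunFileMonitor
*.* @192.0.2.10:514
EOF
# Constructed sample: the snippet as printed on the page, with the placeholder left in.
cat > "$tmp/bad.conf" <<'EOF'
$ModLoad imfile
$InputFileName rdbms\orcl\orcl\trace
$InputFileTag oracle_logs
$InputFileStateFile state-oracle-access
$InputRunFileMonitor
*.* @CCE_IP:514
EOF
check_oracle_forwarding "$tmp/good.conf" && echo "good.conf: OK"
check_oracle_forwarding "$tmp/bad.conf" || echo "bad.conf: rejected (see FAIL lines above)"
```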

Verification

Verification through UI

STEP 1: Log in to the UI and go to SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

Verification through CCE server

Log in to the CCE server as the seceon user and run the command below:

    sudo tcpdump -i any port 514 and host <IP address> -A

Replace <IP address> with the IP address of the Oracle server; the syslog packets it forwards to port 514 should appear in the output.


Filter by label (Content by label)
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@a56
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "kb-how-to-article" and type = "page" and space = "SI"
labelskb-how-to-article

...