elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats

Filebeat Oracle module doesn't support alert log #34056

Open leweafan opened 1 year ago

leweafan commented 1 year ago

Describe the enhancement:

Alert logs contain important information about error messages and exceptions that occur during database operations.

Currently the Oracle module supports only aud files. Please add support for alert_XXX.log, where XXX=SID.

Oracle will write the alert.log file to the directory specified by the `BACKGROUND_DUMP_DEST` parameter. If this parameter is not set, the alert.log will be created in a directory below the value of the `DIAGNOSTIC_DEST` parameter: `DIAGNOSTIC_DEST/diag/rdbms/DB_NAME/ORACLE_SID/trace`. If this latter parameter is not set, the alert.log file is created in the `ORACLE_HOME/rdbms/trace` directory.

```
SQL> show parameter BACKGROUND_DUMP_DEST

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------------------
background_dump_dest                 string      /app/oracle/diag/rdbms/o11gr1/o11gr1/trace
```

Describe a specific use case for the enhancement or feature:

We collect oracle alert log using the following config:

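```yaml
- type: log
  enabled: true
  paths:
    - /oracle/diag/rdbms/*/*/trace/alert_*.log
  # A line starting with a timestamp such as "Tue Jan 10 09:15:42 2023" begins a new event;
  # with negate: true and match: after, every other line is appended to the previous event.
  multiline.pattern: '^[A-Za-z]{3}\s+[A-Za-z]{3}\s+[0-9]{1,2}\s[0-9]{2}:[0-9]{2}:[0-9]{2}\s[0-9]{4}'
  multiline.negate: true
  multiline.match: after
  multiline.timeout: 10
```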
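
An added example, not part of the original issue or the Beats code base: a Python emulation of how the `multiline.negate: true` / `multiline.match: after` settings group alert log lines using the pattern from the config above. The sample log lines are constructed, `group_events` and `summarize` are hypothetical helper names, and the multiline timeout and line limits are not modelled.

```python
import re

# Pattern copied from the multiline.pattern setting in the issue.
EVENT_START = re.compile(
    r'^[A-Za-z]{3}\s+[A-Za-z]{3}\s+[0-9]{1,2}\s[0-9]{2}:[0-9]{2}:[0-9]{2}\s[0-9]{4}'
)
ORA_CODE = re.compile(r'\bORA-\d{5}\b')

# Constructed sample lines; paths and error arguments are placeholders.
SAMPLE = """\
Tue Jan 10 09:15:42 2023
Thread 1 advanced to log sequence 812 (LGWR switch)
  Current log# 2 seq# 812 mem# 0: /constructed/redo02.log
Tue Jan 10 09:17:03 2023
Errors in file /constructed/trace/o11gr1_ora_4242.trc:
ORA-00600: internal error code, arguments: [constructed], [], []
Tue Jan  3 01:00:00 2023
ORA-01555: snapshot too old
2023-01-10T09:20:11.123456+00:00
ORA-00060: deadlock detected while waiting for resource
"""

def group_events(lines):
    """Emulate negate=true, match=after: a line that does NOT match the
    pattern is appended to the event opened by the last matching line."""
    events, current = [], None
    for line in lines:
        if EVENT_START.match(line) or current is None:
            if current is not None:
                events.append(current)
            current = [line]
        else:
            current.append(line)
    if current is not None:
        events.append(current)
    return events

def summarize(text):
    """Return (first line, line count, ORA- codes) for each grouped event."""
    return [
        (ev[0], len(ev), ORA_CODE.findall("\n".join(ev)))
        for ev in group_events(text.splitlines())
    ]

if __name__ == "__main__":
    for first_line, n_lines, codes in summarize(SAMPLE):
        print(f"{first_line!r}: {n_lines} lines, codes={codes}")
```

The third event shows a gap worth checking against real logs: the ISO 8601-style timestamp line does not match the pattern, so it and the ORA-00060 line are folded into the preceding event instead of starting a new one.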
elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

kostas-rf commented 1 year ago

That would be a useful update for this module.