Hi forum readers,
I'm trying to use the oracle driver to obtain the events from the Oracle table "sys.dba_common_audit_trail" at regular intervals but avoiding the potential of retrieving the same log more than once (duplication). So far all I have is the ability to retrieve various columns from the database but it returns every entry, and my non-prod db has been around since circa 2011 and this table has never been truncated (groan). It looks as if Syslog-NG expects the uid parameter in the driver config to be a unique and probably incrementing value, but at least in that particular Oracle table, the UID column always contains the exact same value.
Does anybody have experience with a sample Oracle config stanza that does the above properly, even if it might be for a different Oracle table? I'm relatively new to Syslog-NG and under pressure to get this solved to allow a project to proceed so trying to shortcut my trial & error method - I'm a SIEM admin dammit Jim, not a DBA! :-)