For quite some time now I've been trying to get OSSIM to trigger alerts for certain events from Oracle syslog logs. These alerts are to include events such as "alter user", "drop user" and "create user".
If I understand the oracle-syslog plugin correctly, alerts are defined on the translation table and they have numerical values. An alert is then triggered when its value is reflected in the ACTION field of the oracle-syslog. This is a bit of a problem in my current setup because the value in the ACTION field keeps changing for select, alter user, drop user and other events. This ends up triggering the wrong alert most of the time.
Has anyone experienced this? Anyone got a fix for this? Any help would be greatly appreciated. Thanks.