IBM Support

QRadar: Automatically starting the Perl script to forward events from Oracle DB

Question & Answer


Question

Does the Perl Oracle DB listener forwarding script automatically start when the Oracle server boots?

Cause

The script oracle_dblistener_fwdr.pl is used with the Oracle DB listener to forward Oracle events from the Oracle Listener log. This script creates a daemon that will continue to run unless manually stopped. It does not have a way to restart automatically if the Oracle server is rebooted.

Answer

To start the Perl Oracle DB listener forwarding script automatically, add the command string, with the complete path to the script, to /etc/rc.local on the Oracle server. This file is one of the last files to be run when a Linux server is started.
Example:
Below is an example /etc/rc.local file with the Oracle DB listener script included.


In this example, oracle_dblistener_fwdr.pl has been placed in the Oracle user's home directory and is run from /etc/rc.local to monitor the listener log on an Oracle 9i server with an IP address of 192.168.12.44 and forward events to QRadar at the IP address 192.168.1.100, using the following command:

oracle_dblistener_fwdr.pl -t tail -f <install_directory>/product/9.2/network/log/listener.log -f user.info -H 192.168.12.44 -h 192.168.1.100 -p 514

A sample log from this setup would appear as follows:

<14>Apr 14 13:23:37 192.168.12.44 AgentDevice=OracleDBListener Command=SERVICE_UPDATE DeviceTime=18-AUG-2006 16:51:43 Status=0 SID=qora9
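
To confirm after a reboot that forwarded events still look like the sample above, the following added example (not IBM's code) parses a received line and checks it against the command-line values: PRI 14 decodes to user.info, the value given with -f, and the header host is the -H address. The function names and the list of required fields are assumptions taken from the one sample line on this page.

```python
import re

# Facility and severity names by numeric code (RFC 3164).
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + [f"local{i}" for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
# A value runs until the next " Key=" or end of line, so DeviceTime keeps its space.
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# Assumption: the fields seen in the page's sample are the ones to expect.
REQUIRED = ("Command", "DeviceTime", "Status", "SID")

# The sample event shown on this page.
SAMPLE = ("<14>Apr 14 13:23:37 192.168.12.44 AgentDevice=OracleDBListener "
          "Command=SERVICE_UPDATE DeviceTime=18-AUG-2006 16:51:43 Status=0 SID=qora9")

def parse_event(line):
    """Split a forwarded line into priority, timestamp, host and key=value fields."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a syslog line with a <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        raise ValueError(f"PRI {pri} out of range")
    return {
        "priority": f"{FACILITIES[pri >> 3]}.{SEVERITIES[pri & 7]}",
        "timestamp": m.group(2),
        "host": m.group(3),
        "fields": dict(PAIR.findall(m.group(4))),
    }

def check_event(line, expected_host, expected_priority="user.info"):
    """Return a list of mismatches against the -H and -f values; empty means OK."""
    ev = parse_event(line)
    problems = []
    if ev["priority"] != expected_priority:
        problems.append(f"priority {ev['priority']} != {expected_priority}")
    if ev["host"] != expected_host:
        problems.append(f"host {ev['host']} != {expected_host}")
    if ev["fields"].get("AgentDevice") != "OracleDBListener":
        problems.append("AgentDevice is not OracleDBListener")
    problems += [f"missing field {k}" for k in REQUIRED if k not in ev["fields"]]
    return problems

if __name__ == "__main__":
    print(parse_event(SAMPLE))
    print(check_event(SAMPLE, "192.168.12.44") or "sample matches -f and -H values")
```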

The kill command can be used to stop the script: kill -QUIT `cat /var/run/oracle_dblistener_fwdr.pl.pid`

Note: If you stop oracle_dblistener_fwdr.pl by killing the pid that is associated with it, you need to manually restart it. If you make changes to the script configuration, the entry in /etc/rc.local must also be updated.


See Collecting Oracle database events by using Perl for further information on configuring oracle_dblistener_fwdr.pl, including its options.



Document Information

Modified date:
16 June 2018

UID

swg21991663