Selecting events from SQL Server used by Symantec DCS SQL Database

#1 tothr2

Does the conf file format work? At which point will this read the SQL table? The SQL table is as provided by DCS integration with SIEM solutions like Splunk, SSIM or ArcSight (broadcom.com), KB https://knowledge.broadcom.com/external/article?articleId=175333

<Input reading_integer_id>
    Module            im_odbc
    ConnectionString  Driver={ODBC Driver 17 for SQL Server}; Server=xxxxx; Trusted_Connection=yes; Database=db1;UID=ROUSER;PWD=xxxxx;
    IdType            integer
    SQL               SELECT Event_ID AS id, * FROM dbo.CSPEVENT_VW WHERE Event_ID > ?
    Exec              delete($id);
</Input>

Initial run of this gives the following error

2021-12-30 04:22:41 WARNING no routes defined!
2021-12-30 04:22:41 WARNING not starting unused module reading_integer_id
2021-12-30 04:22:41 INFO nxlog-4.10.5008-trial started
2021-12-30 04:22:50 WARNING stopping nxlog service
2021-12-30 04:22:51 WARNING nxlog received a termination request signal, exiting.

#2 jeffron Nxlog ✓

Hi Richard,

The errors in the logs you provided clearly show that you have no route defined in the configuration file. The general configuration of Nxlog is thus:

.... some input module and configuration if required.
.... some Output module and configuration if required.
Path reading_integer_id => sending_to_some_destination_eg_seim

The routes are needed for the agent to know the intended event flow. I hope this helps.
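A complete configuration with the route the reply describes, as an added example that is not from the thread or from NXLog's own documentation. The input instance is the one posted above; the output instance name `siem_out`, the route name `dcs_to_siem`, and the destination address and port are placeholder assumptions.

```conf
# Added example. siem_out, dcs_to_siem, 192.0.2.10 and 514 are placeholders.
<Extension json>
    Module  xm_json
</Extension>

<Input reading_integer_id>
    Module            im_odbc
    # The posted string set Trusted_Connection=yes together with UID/PWD.
    # With Trusted_Connection=yes the driver logs in as the Windows account
    # the nxlog service runs under and the UID/PWD pair is not used, so keep
    # only one method. SQL login is kept here (assumption: ROUSER is the
    # intended read-only identity).
    ConnectionString  Driver={ODBC Driver 17 for SQL Server}; Server=xxxxx; Database=db1; UID=ROUSER; PWD=xxxxx;
    IdType            integer
    # The ? is replaced with the last Event_ID read, so each poll only
    # returns rows newer than the previous one.
    SQL               SELECT Event_ID AS id, * FROM dbo.CSPEVENT_VW WHERE Event_ID > ?
    # Drop the id alias from the record; Event_ID is still present via "*".
    Exec              delete($id);
</Input>

<Output siem_out>
    Module  om_tcp
    Host    192.0.2.10
    Port    514
    # Serialize all fields of the row as one JSON object per event.
    Exec    to_json();
</Output>

# Without this block NXLog logs "no routes defined!" and
# "not starting unused module reading_integer_id", as in the posted log.
<Route dcs_to_siem>
    Path    reading_integer_id => siem_out
</Route>
```

Because the connection string holds a database password in clear text, restrict read access on nxlog.conf to administrators and the service account.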