Dear All!

We are trying to read the listener log of an Oracle database with Nxlog.

Sample: <msg time='2018-12-01T23:50:08.409+01:00' org_id='oracle' comp_id='tnslsnr' type='UNKNOWN' level='16' host_id='server11' host_addr='10.10.10.10'> <txt>01-DEC-2018 23:50:08 * (CONNECT_DATA=(SID=oracle)(CID=(PROGRAM=JDBC Thin Client)(HOST=jdbc)(USER=user1$))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.10)(PORT=54468)) * establish * db1 * 0 </txt> </msg>

It is clear that this is a multiline message which can be read by xm-multiline, then with xm_xml it is possible to convert it to XML entries.

After the 'txt' part is available for processing I would like to capture the following info from it: DATE=01-DEC-2018 23:50:08 (this is simple, just cut the first 20 characters. Action=establish (this is simple, splitting the text by the '') Target=db1 (this is simple, splitting the text by the '') Result=0 (this is simple, splitting the text by the '*') SID=oracle PROGRAM=JDBC Thin Client USER=user1$ HOST=10.10.10.10 PORT=54468

In my opinion the SID/PROGRAM/USER/HOST/PORT cannot be captured by the xm_kvp module as it is not separated by the same symbol. What would you recommend to collect the proper info from that part of the txt?

I have not found any solution for reading the Oracle listener log - that's why it would be a big help to get your opinions!

Thank you!