Wednesday, 11 September 2019

Oracle Integration Cloud Log Analytics Audit Log Parser

At the time of writing, Oracle Management Cloud comes with a Log Parser for Oracle Integration Cloud audit logs (ics-audit.log).

The parser does not work if the userId contains word-separating characters, as an email address does.

The current parser definition is

\[{TIMEDATE}\]\s+\[(\w+)\]\s+\[(\w+)\]\s*\[(.*)?\]\s+\[(\S+)\]\s+\[\w+\:\s+(\d+)\]\s*\[\w+\:\s*(?:\<)?(\w+)(?:\>)?\]\s+\[\w+\:\s+(\S+)\]\s*\[\w+\:\s*([^\,]*)?\]\s*\[\w+\-\w+\:\s*(\w*)?\]\s*\[\w+\-\w+\:\s*(\w*)?\]\s+\[([^\,]*)\]\:\s*\[([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\](.*)?

The modified parser definition is

\[{TIMEDATE}\]\s+\[(\w+)\]\s+\[(\w+)\]\s*\[(.*)?\]\s+\[(\S+)\]\s+\[\w+\:\s+(\d+)\]\s*\[\w+\:\s*(?:\<)?(.*)(?:\>)?\]\s+\[\w+\:\s+(\S+)\]\s*\[\w+\:\s*([^\,]*)?\]\s*\[\w+\-\w+\:\s*(\w*)?\]\s*\[\w+\-\w+\:\s*(\w*)?\]\s+\[([^\,]*)\]\:\s*\[([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\](.*)?
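The following Python example is added here and is not from the original post or from Oracle. It runs the current and modified userId captures over constructed log lines to show which users parse. The `TIMEDATE` stand-in, the sample line layout and the `bounded` variant are assumptions of the example; it also goes one step beyond the post by showing that the greedy `(.*)` keeps the trailing `>` of an angle-bracketed user.

```python
import re

# Assumption: OMC expands the {TIMEDATE} macro itself; this stand-in accepts an ISO 8601 timestamp.
TIMEDATE = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{2}:\d{2}"

# The page's parser definition, split around the userId capture (group 6).
HEAD = (r"\[{TIMEDATE}\]\s+\[(\w+)\]\s+\[(\w+)\]\s*\[(.*)?\]\s+\[(\S+)\]"
        r"\s+\[\w+\:\s+(\d+)\]\s*\[\w+\:\s*(?:\<)?")
TAIL = (r"(?:\>)?\]\s+\[\w+\:\s+(\S+)\]\s*\[\w+\:\s*([^\,]*)?\]"
        r"\s*\[\w+\-\w+\:\s*(\w*)?\]\s*\[\w+\-\w+\:\s*(\w*)?\]\s+\[([^\,]*)\]\:"
        r"\s*\[([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\,([^\,]*)?\](.*)?")

USER_ID_CAPTURES = {
    "original": r"(\w+)",      # from the page: word characters only
    "modified": r"(.*)",       # from the page: greedy, accepts anything
    "bounded": r"([^\]>]+)",   # hypothetical tighter variant, not from the page
}

def build(variant):
    """Assemble the full parser regex for one userId capture variant."""
    pattern = HEAD + USER_ID_CAPTURES[variant] + TAIL
    return re.compile(pattern.replace("{TIMEDATE}", TIMEDATE))

def user_id(variant, line):
    """Return the parsed userId, or None when the whole line fails to parse."""
    m = build(variant).match(line)
    return m.group(6) if m else None

# Constructed sample line shaped to fit the parser definition; not a real ics-audit.log entry.
TEMPLATE = ("[2019-09-11T10:15:30.123+00:00] [icsserver] [NOTIFICATION] [] "
            "[oracle.ics.audit] [tid: 42] [userId: {uid}] [ecid: 0000abcd-1,0] "
            "[APP: icsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] "
            "[AUDIT]: [f1,f2,f3,f4,f5,f6] message")

def sample(uid):
    """Build a constructed audit line for the given userId value."""
    return TEMPLATE.replace("{uid}", uid)

if __name__ == "__main__":
    # A None result means the audit record would not be parsed into fields at all.
    for uid in ("jdoe", "jane.doe@example.com", "<anonymous>"):
        for variant in USER_ID_CAPTURES:
            print(f"{uid!r:26} {variant:9} -> {user_id(variant, sample(uid))!r}")
```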