SIEM ProTip: Unable to retrieve events from custom SQL table using SIEM Collector

Version 1

    The SIEM Collector can be used to query custom SQL Server or Oracle database tables and to forward the events to the Enterprise Security Manager (ESM). This is done with the Custom SQL client feature integrated in the SIEM Collector Management Utility (SIEM Collector 11.x) or with the SQL Database Event Configuration File Utility (SIEM Collector 10.x).

    If the custom Oracle table you are attempting to query is not in the default schema of the login specified to query the custom table, the query to populate the bookmark will fail. When this failure occurs, no events are available to forward to the ESM.

    NOTE: This issue affects only queries against databases on Oracle servers. It does not affect queries against databases on Microsoft SQL Server.
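To check whether a collector login is in the situation described above, the following Oracle query can be run while connected as that login. It is an added example, not part of the original tip or of the product; `CUSTOM_EVENTS` is a hypothetical table name, and the query assumes the login's default schema is the one reported by `CURRENT_SCHEMA`.

```sql
-- Added example. Run while connected as the login configured in the SIEM Collector.
-- CUSTOM_EVENTS is a hypothetical name; use upper case unless the table
-- was created with a quoted, mixed-case identifier.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS login_name,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS default_schema,
       t.owner                                  AS table_owner,
       CASE
         -- No row in ALL_TABLES: wrong name, or the login has no privilege on it.
         WHEN t.owner IS NULL
           THEN 'NOT VISIBLE TO THIS LOGIN'
         -- Owner matches the schema that unqualified names resolve against.
         WHEN t.owner = SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA')
           THEN 'IN DEFAULT SCHEMA'
         -- Visible, but owned by a different schema: the condition in this tip.
         ELSE 'IN ANOTHER SCHEMA'
       END                                      AS finding
  FROM dual
  LEFT JOIN all_tables t
    ON t.table_name = 'CUSTOM_EVENTS';
-- One row is returned per schema that owns a table with this name,
-- or a single row with a NULL table_owner if none is visible.
```

A finding of `IN ANOTHER SCHEMA` for the table you configured matches the condition this tip describes.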

    For more information on this issue, see KB85236 (https://kc.mcafee.com/corporate/index?page=content&id=KB85236).