| Table of Contents |
|---|
Overview
We are providing you the steps to integrate your MySQL with Seceon SIEM so that you can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log forwarding.
For this port 514 needs to be allowed from firewall
Steps Of Configuration
Login on Windows MySQL Server
Download the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer:
http://nxlog.org/products/nxlog-community-edition/download
...
| Code Block |
|---|
##################################################
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_syslog
</Extension>
<Input dbi>
Module im_file
File "C:\\Windows\\MySQL.log"
SavePos TRUE
InputType LineBased
</Input>
<Output dbi_out>
Module om_udp
Host CCE_IP_ADDRESS
Port 514
Exec $SyslogFacilityValue = 2;
Exec $SourceName = 'mysql_logs';
Exec to_syslog_bsd();
</Output>
<Route dbi>
Path dbi => dbi_out
</Route> |
VERIFICATION OF CONFIGURATION
Verification can be done either from CCE Server or from UI.
Using UI
STEP 1: Login to UI >> SYSTEM
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .
...
STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.
...
Using CCE SERVER
“sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be ran on CCE server to check whether or not we are getting logs .