1 Overview
2 Steps Of Configuration
3 VERIFICATION OF CONFIGURATION
- 3.1 Using UI
- 3.2 Using CCE SERVER

Overview

We are providing you the steps to integrate your MySQL with Seceon SIEM so that you can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log forwarding.

For this port 514 needs to be allowed from firewall

Steps Of Configuration

Login on Windows MySQL Server
Download the latest version of nxlog. It is easiest to choose the Windows msi file which includes an installer:

http://nxlog.org/products/nxlog-community-edition/download

3. Open the Nxlog configuration file at:

C:\Program Files (x86)\nxlog\conf\nxlog.conf

4.Use below mentioned nxlog config to configure windows MySQL log from MySQL server(replace nxlog.conf whole file content from below config ):

##################################################

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log


<Extension syslog>
  Module xm_syslog
</Extension>

<Input dbi>

    Module im_file
    File "C:\\Windows\\MySQL.log"
    SavePos TRUE
    InputType LineBased    
</Input>

<Output dbi_out>
  Module om_udp
  Host CCE_IP_ADDRESS
  Port 514
  Exec $SyslogFacilityValue = 2;
  Exec $SourceName = 'mysql_logs';
  Exec to_syslog_bsd();
</Output>

<Route dbi>
  Path dbi => dbi_out
</Route>