Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Device Configuration: MySQL Logs Configuration from Linux

Overview

This article explains the requirements and the steps to configure and verify the forwarding of MySQL logs, via syslog, from a Linux-based MySQL server to the Seceon CCE Collector.

Requirements

  1. Admin access to the Linux-based MySQL server.

  2. The path on the MySQL server where the logs are stored (the example path given here is /var/log/httpd/access_log; the rsyslog configuration below monitors /var/log/mysql/*.log, so use the path that matches your server).
  3. Access to the Seceon CCE command line as the "seceon" user (if you have not received the password for it, please contact support@seceon.com).

  4. Access to Seceon Platform GUI.

Instructions

This process comprises the three steps mentioned below:

  1. Configuration of MySQL Logs from the Linux-based server to the CCE

  2. Verify the MySQL Logs being received at the Seceon CCE (Command Line)

  3. Verify the MySQL Logs being processed by the Seceon Platform (GUI)

Configuration of MySQL Logs from the Linux-based server to the CCE

  • Log in to the Linux server running MySQL as the "admin" user.
  • Open the rsyslog.conf file with the vi editor: vi /etc/rsyslog.conf
  • Uncomment or add the lines below in /etc/rsyslog.conf. The "#### GLOBAL DIRECTIVES ####" line is the comment already present in the default file; $ModLoad imfile loads the file-input module and must appear before the $InputFile* directives that tell rsyslog which files to follow, which tag to stamp on each message, and where to keep its read position:

    $ModLoad imfile

    #### GLOBAL DIRECTIVES ####
    $InputFileName /var/log/mysql/*.log
    $InputFileTag mysql_logs:
    $InputFileStateFile state-mysql-access
    $InputRunFileMonitor

  • Configure the CCE IP at the end of the /etc/rsyslog.conf file, replacing CCE_IP with the IP address of your Seceon CCE. The commented @@remote-host line is the default file's TCP example; the rule added here uses a single @, which forwards over UDP to port 514:

    #*.* @@remote-host:514
    # ### end of the forwarding rule ###
    *.* @CCE_IP:514

  • Save the rsyslog.conf file using :wq!
  • Run the command: service rsyslog restart
  • Check the status of rsyslog: service rsyslog status

Verification

Verify the MySQL Logs being received at the Seceon CCE (Command Line):

  • Log in to the Seceon CCE command line (using any SSH client) as the "seceon" user.
  • Run the command, replacing MySQLDeviceIP with the IP address of the MySQL server: sudo tcpdump -i any -XX host MySQLDeviceIP and port 514
  • Examine the packets displayed on the screen to ensure they are MySQL DB logs (each forwarded message carries the mysql_logs: tag set in the rsyslog configuration).
  • Press CTRL+C to stop the capture. If you do not see the correct logs in this capture, go back to the MySQL DB server and verify the configuration as per the steps in the previous section.
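To make the "examine the logs" step concrete, here is an added helper (not part of the original article or of Seceon's tooling) that parses RFC 3164 syslog lines of the kind rsyslog's imfile module emits with $InputFileTag mysql_logs:, and counts how many came from the expected MySQL host with that tag. The host name mysqldb01 and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# RFC 3164 line as rsyslog forwards it:  <PRI>Mon dd hh:mm:ss hostname tag[pid]: message
# PRI = facility * 8 + severity, valid range 0..191.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s\[]+)(?:\[\d+\])?: ?"
    r"(?P<msg>.*)$"
)

def parse_syslog(line):
    """Split a raw syslog line into facility, severity, host, tag and message; None if it does not parse."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:
        return None
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }

def check_forwarding(lines, expected_host, expected_tag="mysql_logs"):
    """Count lines from the expected host carrying the imfile tag, versus other syslog and unparsable lines."""
    summary = Counter()
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            summary["unparsed"] += 1
        elif rec["host"] == expected_host and rec["tag"] == expected_tag:
            summary["mysql"] += 1
        else:
            summary["other"] += 1
    return dict(summary)

# Constructed sample lines (not real capture data): two tagged MySQL lines, one sshd line, one junk line.
SAMPLE = [
    "<134>Mar  4 10:15:01 mysqldb01 mysql_logs: 2024-03-04T10:15:01.123456Z 12 [Note] Access denied for user 'app'@'10.0.0.5' (using password: YES)",
    "<134>Mar  4 10:15:02 mysqldb01 mysql_logs: 2024-03-04T10:15:02.000001Z 0 [System] [Server] /usr/sbin/mysqld starting as process 1234",
    "<38>Mar  4 10:15:03 mysqldb01 sshd[2211]: Accepted publickey for admin from 10.0.0.9 port 51522 ssh2",
    "this is not a syslog line",
]

if __name__ == "__main__":
    print(check_forwarding(SAMPLE, "mysqldb01"))
```

Feed it the decoded lines from the tcpdump capture (or from a local syslog receiver) to see at a glance whether the tagged MySQL messages, and not just other host traffic, are arriving.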

Verify the MySQL Logs being processed by the Seceon Platform (GUI):

STEP 1: Log in to the UI.

STEP 2: Navigate to SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: Under SOURCE DEVICE IP, the IP address of the MySQL server will be listed.

  • If you see the data after generating this report, you are all set. If not, please review the configuration.

     In case of any issues or if assistance is required, please contact the Seceon Support Team (support@seceon.com).

Seceon Inc. All rights reserved. https://www.seceon.com