OSSEC watching SQL


Mike Hammett

Jan 8, 2017, 8:19:34 AM
to ossec-list
My current centralized logging environment stores syslog in MySQL. Can OSSEC watch a SQL database instead of a file?

dan (ddp)

Jan 8, 2017, 8:56:22 AM
to ossec...@googlegroups.com


On Jan 8, 2017 8:19 AM, "Mike Hammett" <ics.mh...@gmail.com> wrote:
My current centralized logging environment stores syslog in MySQL. Can OSSEC watch a SQL database instead of a file?


Not at this time




Kat

Jan 24, 2017, 1:04:26 PM
to ossec-list
Sort of.
One of the things I did with OSSEC and MySQL, as I had critical tables that I wanted to know when they were being accessed, was to create a MySQL trigger that would write a logfile entry anytime the table was accessed, with all the information needed. OSSEC of course picked this up and alerted me.


And they have a good example showing an "Employees" table that they want to keep track of. It is not that hard, and the performance hit is negligible. Obviously if you tried to do a trigger on each insert for the entire database, that would kill it, but you can do a lot of creative things with OSSEC.

Cheers
Kat
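
Added example, not part of the thread and not any poster's own configuration: the OSSEC side of the trigger-to-logfile approach described above. The log path, the program name "mysqlaudit", the line format and the rule IDs are assumptions made for illustration; the sample line in the comment is constructed.

```xml
<!-- Constructed sample of what the trigger-written file is assumed to contain:
     Jan 24 13:04:26 db01 mysqlaudit: table=Employees action=UPDATE user=app@10.0.0.5
-->

<!-- ossec.conf (on the agent or server that can read the file):
     tell OSSEC to follow the file. The path is hypothetical. -->
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/mysql_table_audit.log</location>
</localfile>

<!-- etc/local_decoder.xml: recognise the lines by program name and
     pull the table, action and user into decoded fields. -->
<decoder name="mysql-table-audit">
  <program_name>^mysqlaudit$</program_name>
</decoder>

<decoder name="mysql-table-audit-fields">
  <parent>mysql-table-audit</parent>
  <regex>table=(\S+) action=(\S+) user=(\S+)</regex>
  <order>extra_data, action, user</order>
</decoder>

<!-- rules/local_rules.xml: IDs from the user-defined range (100000 and up). -->
<group name="local,mysql_audit,">

  <!-- Every line written for an audited table produces a low-level alert. -->
  <rule id="100200" level="3">
    <decoded_as>mysql-table-audit</decoded_as>
    <description>MySQL audited table was touched.</description>
  </rule>

  <!-- Changes to the critical table are raised to a higher level. -->
  <rule id="100201" level="10">
    <if_sid>100200</if_sid>
    <match>table=Employees</match>
    <description>MySQL critical table Employees was touched.</description>
  </rule>

  <!-- Deletes on the critical table are raised further. -->
  <rule id="100202" level="12">
    <if_sid>100201</if_sid>
    <match>action=DELETE</match>
    <description>Row deleted from MySQL critical table Employees.</description>
  </rule>

</group>
```

Pasting the sample line into ossec-logtest shows which decoder and rule it hits before the configuration goes live.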