parsing mariadb(mysqld) audit log on ops agent

17 views
Skip to first unread message

Nobuaki Ito

unread,
May 23, 2022, 7:15:14 PMMay 23
to gce-discussion
I am trying to parse the mariadb(mysqld) audit log using google cloud ops agent, but is having problem with the regex. 

This is an entry on an mariadb(mysqld) audit log:
20220521 00:50:12,prod-vm,bn_wordpress,localhost,6666,999999,QUERY,wordpress,'UPDATE `sitemeta` SET `meta_value` = \'***********\' WHERE `site_id` = 1 AND `key` = \'cloud_last_cron\'',0

I am trying to parse the audit log by configuring ops-agent, by appling the "parse_regex" type processor on the log, but have not succeeded in doing so.

Here is the regex that I used.
regex: "^(?<time>[^,]*) (?<jsonPayload.host>[^,]*) (?<jsonPayload.user>[^,]*) (?<jsonPayload.client>[^,]*) (?<jsonPayload.pid>[^,]*) (?<jsonPayload.tid>[^,]*) (?<jsonPayload.command>[^,]*) (?<jsonPayload.database>[^,]*) (?<jsonPayload.message>[^,]*) (?<jsonPayload.errorNumber>.*)$"

What could be wrong?

Andres Fiesco Casasola

unread,
May 24, 2022, 4:48:31 PMMay 24
to gce-discussion

Did you use any Google documentation to create the code? Could you also share the logs?, and do you get an error message? 

Reply all
Reply to author
Forward
0 new messages