HIDS agent syslog (/var/log/mysql/mysql.log) alerts not showing in analysis/security_events but showing in environment/detection/hids Alerts Log. How can I make HIDS alerts show in security_events?

Dosimbek Umarov

Nov 26, 2023, 4:49:06 PM11/26/23
to ossec-list


**Phase 1: Completed pre-decoding.
       full event: '023 Nov 26 16:10:49 (bd-2) 192.168.110.3->/var/log/mysql/mysql.log 20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete  ON * . * FROM \'test6\'@\'localhost\'',0'
       hostname: 'alienvault'
       program_name: '(null)'
       log: '023 Nov 26 16:10:49 (bd-2) 192.168.110.3->/var/log/mysql/mysql.log 20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete  ON * . * FROM \'test6\'@\'localhost\'',0'

**Phase 2: Completed decoding.
       decoder: 'maria_user_audit'

**Phase 3: Completed filtering (rules).
       Rule id: '196003'
       Level: '7'
       Description: 'Maria User edited'
**Alert to be generated.

AV - Alert - "1700993449" --> RID: "196003"; RL: "7"; RG: "mariadb,"; RC: "Maria User edited"; USER: "None"; SRCIP: "None"; HOSTNAME: "(bd-2) 192.168.110.3->/var/log/mysql/mysql.log"; LOCATION: "(bd-2) 192.168.110.3->/var/log/mysql/mysql.log"; EVENT: "[INIT]20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete  ON * . * FROM \'test6\'@\'localhost\'',0[END]"; 
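As an added example (not from the post and not OSSEC or AlienVault code), a small Python parser for the "AV - Alert" line above that also decodes the embedded MariaDB server_audit record; it is a quick way to confirm the rule id, level and group the agent actually emitted before looking at the SIEM side. The audit column order is assumed from the MariaDB server_audit plugin's QUERY record format.

```python
import csv
import re

# Constructed sample: the "AV - Alert" line from the ossec-logtest run above.
SAMPLE_ALERT = (
    'AV - Alert - "1700993449" --> RID: "196003"; RL: "7"; RG: "mariadb,"; '
    'RC: "Maria User edited"; USER: "None"; SRCIP: "None"; '
    'HOSTNAME: "(bd-2) 192.168.110.3->/var/log/mysql/mysql.log"; '
    'LOCATION: "(bd-2) 192.168.110.3->/var/log/mysql/mysql.log"; '
    'EVENT: "[INIT]20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'
    "'REVOKE Delete  ON * . * FROM \\'test6\\'@\\'localhost\\'',0[END]\"; "
)

HEADER_RE = re.compile(r'^AV - Alert - "(?P<ts>\d+)" --> (?P<body>.*)$')
# Each field is KEY: "value"; the values never contain a double quote.
FIELD_RE = re.compile(r'(?P<key>[A-Z]+): "(?P<val>[^"]*)"; ?')

# Assumed column order of a MariaDB server_audit plugin QUERY record.
AUDIT_FIELDS = ["timestamp", "serverhost", "username", "host", "connection_id",
                "query_id", "operation", "database", "object", "retcode"]


def parse_av_alert(line):
    """Split an AV alert line into its fields; RL becomes an int, RG a list."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an AV alert line")
    fields = {"timestamp": int(m.group("ts"))}
    for f in FIELD_RE.finditer(m.group("body")):
        fields[f.group("key")] = f.group("val")
    event = fields.get("EVENT", "")
    if event.startswith("[INIT]") and event.endswith("[END]"):
        fields["EVENT"] = event[len("[INIT]"):-len("[END]")]
    fields["RL"] = int(fields["RL"])
    fields["RG"] = [g for g in fields["RG"].split(",") if g]  # "mariadb," -> ["mariadb"]
    return fields


def parse_mariadb_audit(record):
    """Parse the audit CSV; the query is single-quoted with backslash escapes."""
    values = next(csv.reader([record], quotechar="'", escapechar="\\", doublequote=False))
    if len(values) != len(AUDIT_FIELDS):
        raise ValueError(f"expected {len(AUDIT_FIELDS)} audit columns, got {len(values)}")
    return dict(zip(AUDIT_FIELDS, values))


if __name__ == "__main__":
    alert = parse_av_alert(SAMPLE_ALERT)
    audit = parse_mariadb_audit(alert["EVENT"])
    print(alert["RID"], alert["RL"], alert["RG"], audit["username"], audit["object"])
```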