HIDs agent syslog(/var/log/mysql/mysql.log) alerts not showing in analysis/security_events but is showing in environment/detection/hids Alerts Log. How can I did that so hids alerts showing in security_events.

43 views

Skip to first unread message

Dosimbek Umarov

unread,

Nov 26, 2023, 4:49:06 PM11/26/23

to ossec-list

**Phase 1: Completed pre-decoding.
full event: '023 Nov 26 16:10:49 (bd-2) 192.168.110.3->/var/log/mysql/mysql.log 20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete ON * . * FROM \'test6\'@\'localhost\'',0'
hostname: 'alienvault'
program_name: '(null)'
log: '023 Nov 26 16:10:49 (bd-2) 192.168.110.3->/var/log/mysql/mysql.log 20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete ON * . * FROM \'test6\'@\'localhost\'',0'

**Phase 2: Completed decoding.
decoder: 'maria_user_audit'

**Phase 3: Completed filtering (rules).
Rule id: '196003'
Level: '7'
Description: 'Maria User edited'
**Alert to be generated.

AV - Alert - "1700993449" --> RID: "196003"; RL: "7"; RG: "mariadb,"; RC: "Maria User edited"; USER: "None"; SRCIP: "None"; HOSTNAME: "(bd-2) 192.168.110.3->/var/log/mysql/mysql.log"; LOCATION: "(bd-2) 192.168.110.3->/var/log/mysql/mysql.log"; EVENT: "[INIT]20231126 16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete ON * . * FROM \'test6\'@\'localhost\'',0[END]";

Reply all

Reply to author

Forward

0 new messages