Mysql Monitoring

[Matias]

Since I can monitor the logs of a mysql database, basically I am interested in monitoring the actions that users do in the databases.

[Bin Do Tuan Anh]

Hi, 

To monitor logs you will need to configure following configuration on your agent's side. It is recommended to use Centralized configuration to push it to your agents. You can go to Management -> Groups, where you will need to choose the group (of which agent's configurations you want to modify. For more details about Centralized configuration you will be able to check it here: https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html

There you need to set your agents to monitor the log file. It will look like this:

<localfile> 

    <log_format>syslog</log_format> 

    <location>/path/to/your/mysql.log</location> 

</localfile>

Once you save it, all the agents in the group will start to send logs from the file to Wazuh Manager (where it will be analysed). 

For more details you can check it here:

- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html

- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html

Here you will be able to find default rules for Wazuh: https://github.com/wazuh/wazuh/blob/master/ruleset/rules/0295-mysql_rules.xml

Best regards,

Bin.