Can't see query logs from Mysql in Wazuh Dashboard


Muhammad Farash P

Feb 16, 2023, 12:38:13 AM
to Wazuh mailing list
Hi all,
I have been trying to fetch Mysql error logs and Mysql query to show it on my wazuh dashboard. I added the location (/var/log/mysql) of the logs created in the ossec.config in both server and agent. Then also the issue is not fixed. Please help me out. Thanks in advance.

Cedrick Foko

Feb 16, 2023, 2:26:28 AM
to Wazuh mailing list
Hi Muhammad, 
Thank you for using Wazuh!
I'll be glad to help you with this.
  • You don't have to add the location (var/log/mysql) in the server, but just in the agent configuration. More information about log data collection here: How it works - Log data collection · Wazuh documentation
    Make sure to add the location of your log file, not a directory.
  • To generate Mysql query logs, you should enable general logging in mysql using the following command: set global general_log='on';
  • Mysql query logs will be saved in a log file in /var/lib/mysql directory (the file name can change depending on the system).
  • To make sure your logs are sent to the manager, you need to enable log_all option in manager's ossec.conf file and restart your wazuh-manager service: systemctl restart wazuh-manager
    Then check mysql logs in your manager's /var/ossec/logs/archives/archives.log file.
  • If archives.log file contains your logs, then you will need to create rules and decoders for those logs. You can find guidance for rules and decoders creation here: Custom rules and decoders - Ruleset · Wazuh documentation
  • Make sure to disable the log_all option in your manager's ossec.conf file at the end of debugging; otherwise, it could cause a lot of disk usage on the manager.
I hope you find this helpful.
Let me know if you have any other questions.
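
The checks from the reply above, written as shell functions. This is an added example, not part of the original thread or Wazuh's own tooling: it assumes the "log_all option" is the `<logall>` tag in the manager's ossec.conf, and the sample files (including the `mysql_log` format choice and the archives.log line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the steps in the reply above. All paths are arguments.

# Print each <location> found inside a <localfile> block of an agent ossec.conf.
localfile_locations() {
    sed -n '/<localfile>/,/<\/localfile>/s:.*<location>\(.*\)</location>.*:\1:p' "$1"
}

# Print the locations that are directories; the reply asks for a file path.
directory_locations() {
    localfile_locations "$1" | while IFS= read -r loc; do
        if [ -d "$loc" ]; then printf '%s\n' "$loc"; fi
    done
}

# Succeed if the manager ossec.conf has logall set to yes (assumed tag name).
logall_enabled() {
    grep -q '<logall>[[:space:]]*yes[[:space:]]*</logall>' "$1"
}

# Count archives.log lines whose source is the given log file.
archived_lines_from() {
    grep -cF -- "->$2 " "$1" || true
}

# Build constructed sample files in a temp directory and print its path.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/mysql" && : > "$d/mysql/query.log"
    cat > "$d/agent.conf" <<EOF
<ossec_config>
  <localfile>
    <log_format>mysql_log</log_format>
    <location>$d/mysql</location>
  </localfile>
  <localfile>
    <log_format>mysql_log</log_format>
    <location>$d/mysql/query.log</location>
  </localfile>
</ossec_config>
EOF
    printf '<ossec_config><global><logall>yes</logall></global></ossec_config>\n' > "$d/manager.conf"
    printf '2023 Feb 16 09:00:01 (db01) any->%s 2023-02-16T09:00:01.1Z 12 Query SELECT 1\n' \
        "$d/mysql/query.log" > "$d/archives.log"
    printf '%s\n' "$d"
}
```

On a real deployment, point `directory_locations` at the agent's ossec.conf and `logall_enabled` and `archived_lines_from` at the manager's ossec.conf and /var/ossec/logs/archives/archives.log. A count of 0 from `archived_lines_from` while `logall_enabled` succeeds means the agent is not shipping that file.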