Skip to content

Collecting Mysql-data in CYBERQUEST

This guide describes the procedure for audit activation on MariaDB.

1.In order to activate the audit on MariaDB, perform the following actions:

A.Open mysql config file using the following command:

nano /etc/mysql/my.cnf

B.Add the following lines [mysqld]:

plugin_load=server_audit=server_audit.so
server_audit_events=connect,query,table
server_audit=FORCE_PLUS_PERMANENT

C.Restart mysql service with the following command:

systemctl restart mysql.service

The default location for the logs is : /var/lib/mysql/server_audit.log

2.If syslog logging is required follow the steps from bellow:

A.Open mysql config file using the following command:

nano /etc/mysql/my.cnf

B.Add the following parameter:

server_audit_output_type=SYSLOG

C.Restart mysql service with command:

systemctl restart mysql.service

Check parameters with the following command:

SHOW GLOBAL VARIABLES LIKE 'server_audit%';

Check syslog logging with the following command:

tail -f /var/log/syslog OR tail -f /var/log/messages

Reference:

https://mariadb.com/kb/en/library/mariadb-audit-plugin-installation/