Collecting Mysql-data in CYBERQUEST
This guide describes the procedure for audit activation on MariaDB.
1.In order to activate the audit on MariaDB, perform the following actions:
A.Open mysql config file using the following command:
nano /etc/mysql/my.cnf
B.Add the following lines [mysqld]:
plugin_load=server_audit=server_audit.so
server_audit_events=connect,query,table
server_audit=FORCE_PLUS_PERMANENT
C.Restart mysql service with the following command:
systemctl restart mysql.service
The default location for the logs is : /var/lib/mysql/server_audit.log
2.If syslog logging is required follow the steps from bellow:
A.Open mysql config file using the following command:
nano /etc/mysql/my.cnf
B.Add the following parameter:
server_audit_output_type=SYSLOG
C.Restart mysql service with command:
systemctl restart mysql.service
Check parameters with the following command:
SHOW GLOBAL VARIABLES LIKE 'server_audit%';
Check syslog logging with the following command:
tail -f /var/log/syslog OR tail -f /var/log/messages
Reference:
https://mariadb.com/kb/en/library/mariadb-audit-plugin-installation/