On Thu, May 18, 2017 at 3:50 PM, Pedro Sanchez <pe...@wazuh.com> wrote: > Hi, > > I did not find any MariaDB decoders/rules, it could be interesting to create > them. Feel free to paste here some log samples so we can take a look and > maybe guide you a little bit to create them. >
The OSSEC project would also be interested in log samples. > Cheers, > Pedro. > > On Wed, May 17, 2017 at 8:17 PM, John Gelnaw <jgel...@gmail.com> wrote: >> >> >> As the default audit plugins for MySQL are somewhat horrific (XML is not a >> log format), and the log syntax for MySQL is multi-line, I've been looking >> for other options. >> >> The MariaDB audit plugin so far looks very nice-- It's highly tunable in >> terms of what it can report and it plays nice with syslog. >> >> And since it works with the API, it plugs nicely into not just MariaDB, >> but MySQL 5.6 and 5.7. >> >> Has anyone written OSSEC rulesets that parse the logs from the MariaDB >> audit plugin? Failed login attempts are easy, but more devious things like >> rights changes and schema changes would be nice to track as well. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
