Hi David,
Output of mysql -e "show variables like '%log%';":
| general_log_file | /var/lib/mysql/usyslog.log |
| log_error | /var/log/mysql/error.log |
root@usyslog:/var/log/mysql# pwd
/var/log/mysql
root@usyslog:/var/log/mysql# ls -ltr
total 20
-rw-r----- 1 mysql adm 1922 out 3 10:43 error.log.5.gz
-rw-r----- 1 mysql adm 20 out 4 00:00 error.log.4.gz
-rw-r----- 1 mysql adm 20 out 5 00:00 error.log.3.gz
-rw-r----- 1 mysql adm 20 out 6 00:00 error.log.2.gz
-rw-r----- 1 mysql adm 32 out 7 00:00 error.log.1.gz
-rw-r----- 1 mysql adm 0 out 8 00:00 error.log
root@usyslog:/var/log/mysql#
There isn’t any error
Tks
João Carlos Garcia
-----Original Message-----
From: David Lang <[email protected]>
Sent: Monday, October 7, 2024 8:25 PM
To: João Carlos Garcia via rsyslog <[email protected]>
Cc: João Carlos Garcia <[email protected]>
Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate
are there any errors in the MariaDB logs?
David Lang
On Mon, 7 Oct 2024, João Carlos Garcia via rsyslog wrote:
> Date: Mon, 7 Oct 2024 23:16:28 +0000
> From: João Carlos Garcia via rsyslog <[email protected]>
> To: rsyslog-users <[email protected]>
> Cc: João Carlos Garcia <[email protected]>
> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate
>
> Brendan
>
> This isn't a production environment, but I did the changes:
>
> if $fromhost-ip == '172.16.0.12' then
> {
> action(type="ommysql" server="localhost"
> db="fortigate_logs" uid="rsyslog" pwd="xxxxxxxxxxxxx")
> }
>
> But no data is logged to database but is logged to /var/log/syslog. Don't
> know!
>
> Tks,
>
> João Carlos Garcia
>
> -----Original Message-----
> From: rsyslog <[email protected]> On Behalf Of Brendan Kearney via rsyslog
> Sent: Monday, October 7, 2024 9:18 AM
> To: [email protected]
> Cc: Brendan Kearney <[email protected]>
> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate
>
> On 10/6/24 7:28 PM, João Carlos Garcia via rsyslog wrote:
>> Hi everyone .. No firewall installed
>>
>> root@usyslog:~# ufw status
>> Status: inactive
>>
>> root@usyslog:~# iptables -L
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> root@usyslog:~# sestatus
>> Command 'sestatus' not found, but can be installed with:
>> apt install policycoreutils
>>
>> root@usyslog:~# setenforce 0
>> Command 'setenforce' not found, but can be installed with:
>> apt install selinux-utils
>>
>> Any other clue?
>>
>> Tks
>> João Garcia
>>
>>
>> -----Original Message-----
>> From: rsyslog <[email protected]> On Behalf Of Mauricio Tavares via rsyslog
>> Sent: Saturday, October 5, 2024 1:47 PM
>> To: rsyslog-users <[email protected]>
>> Cc: Mauricio Tavares <[email protected]>
>> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate
>>
>> On Sat, Oct 5, 2024 at 8:47 AM João Carlos Garcia via rsyslog
>> <[email protected]> wrote:
>>> Brendan,
>>>
>>> Thanks for your help, I see the packets now have length > 0, but the data
>>> is not written to the database.
>>>
>>> Is this correct?
>>>
>>> $AllowedSender TCP, 172.16.0.12/24
>>>
>>> if $fromhost-ip == '172.16.0.12' then {
>>> action(type="ommysql" server="localhost" db="fortigate_logs"
>>> uid="root" pwd="password") }
>>>
>>> Thanks,
>>>
>>> João Carlos Garcia
>>>
>> Do you have a firewall running in this host?
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This
>> is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
>> control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
> i would check your DB rights/permissions. it's bad practice to use root as an
> identity for DB access. try to access the DB using the creds you provide to
> the rsyslog daemon and validate that there are no issues. i create a
> specific user for rsyslog to access the log DB that i have, and don't use
> system IDs like root. you might need to create a user and provide that user
> the necessary permissions to the appropriate DB. check out this article...
>
> https://mariadb.com/kb/en/mariadb-authorization-and-permissions-for-sql-server-users/
>
> HTH,
>
> brendan
>
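
Brendan's suggestion in the quoted thread (a dedicated database account for rsyslog, checked by hand with the same credentials rsyslog uses), written out as an added example that is not part of the original messages. The database name fortigate_logs and the user rsyslog come from the thread; the password is a placeholder, and the SystemEvents table is an assumption: it is what ommysql's default template writes to when the action sets no template.

```sql
-- Added example, not from the thread.
-- Part 1: run as a MariaDB administrator.
-- 'CHANGE_ME' is a placeholder; use the password configured in the ommysql action.
CREATE USER IF NOT EXISTS 'rsyslog'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- ommysql only writes rows, so INSERT is the only privilege the account needs.
GRANT INSERT ON fortigate_logs.* TO 'rsyslog'@'localhost';
SHOW GRANTS FOR 'rsyslog'@'localhost';

-- Assumption: the action has no template, so ommysql uses its default
-- INSERT into SystemEvents. An empty result here means the target table is
-- missing from this database and every insert from rsyslog will fail.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = 'fortigate_logs'
  AND table_name = 'SystemEvents';

-- Part 2: reconnect as the rsyslog account
--   mysql -u rsyslog -p fortigate_logs
-- and send the same shape of statement the default template produces.
-- All values below are constructed test data.
INSERT INTO SystemEvents
  (Message, Facility, FromHost, Priority,
   DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag)
VALUES
  ('constructed test message', 1, '172.16.0.12', 5,
   NOW(), NOW(), 1, 'test:');

-- This should be refused (SELECT command denied), which confirms the
-- account holds INSERT and nothing more.
SELECT COUNT(*) FROM SystemEvents;

-- Part 3: back as the administrator, confirm the row arrived, then remove it.
SELECT ID, FromHost, Message
FROM SystemEvents
WHERE Message = 'constructed test message';

DELETE FROM SystemEvents WHERE Message = 'constructed test message';
```

If the manual INSERT succeeds but rsyslog still writes nothing, the credentials and grants are ruled out and the problem lies in the rsyslog configuration itself.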