IBM QRadar

  • 1.  Sent mysql logs to qradar

    Posted Thu December 08, 2022 07:13 AM
    Hi, is there a way to configure rsyslog to forward the MySQL logs to QRadar? Or is it only possible using the JDBC protocol?

    ------------------------------
    Charlie
    ------------------------------


  • 2.  RE: Sent mysql logs to qradar

    Posted Thu December 08, 2022 03:06 PM
    Edited by Jonathan Pechta Thu December 08, 2022 04:52 PM

    The supported method of MySQL event collection uses JDBC for QRadar direct integrations. Be aware, you need to have the MySQL Connector/J to collect these events as mentioned in our documentation: JDBC protocol configuration options. If you had IBM Security Guardium with QRadar, a supported option might be Guardium monitoring your MySQL and configuring your Guardium instance to QRadar to alert on changes.  

    There are methods to configure MySQL to export logs to syslog or to set up rsyslog, but these are not supported, as they fall into the "Undocumented protocols" realm for support issues. There are some plug-ins that might help with this too; for example, Percona has a plug-in that allows you to forward MySQL to syslog. Either way, JDBC is the only supported collection method.



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------
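
For reference, the rsyslog route asked about in the question could look like the following. This is an added example, not configuration from the thread or from IBM documentation, and it covers the collection path the reply describes as unsupported. The log file path, the state and queue file names, the ruleset name, and the host `qradar.example.com` are assumptions to replace with local values.

```conf
# /etc/rsyslog.d/60-mysql-qradar.conf  (file name is an assumption)

# Load the text-file input module so rsyslog can tail MySQL's own log file.
module(load="imfile")

# Tail the MySQL error log. The path is the Debian/Ubuntu default and is an
# assumption; check log_error in my.cnf for the real location.
input(type="imfile"
      File="/var/log/mysql/error.log"
      Tag="mysqld:"
      Severity="info"
      Facility="local6"
      PersistStateInterval="100"
      ruleset="mysql_to_qradar")

# Dedicated ruleset: events from the input above go only to QRadar and are
# not duplicated into the local /var/log/syslog.
ruleset(name="mysql_to_qradar") {
    action(type="omfwd"
           target="qradar.example.com"       # placeholder collector address
           port="514"
           protocol="tcp"
           template="RSYSLOG_SyslogProtocol23Format"
           # Disk-assisted queue: buffer events while the collector is
           # unreachable instead of dropping them.
           queue.type="LinkedList"
           queue.filename="mysql_qradar_fwd"
           queue.maxDiskSpace="256m"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

The rsyslog service account needs read access to the MySQL log file, and `rsyslogd -N1` validates the syntax before a restart.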