QRadar XDR

  • 1.  Logs collection from Mysql table

    Posted Mon October 04, 2021 06:14 AM
    Hey everyone.
    I send logs to a MySQL database. Logs are stored as raw data in tables in the MySQL database. I need to send those logs from this table to QRadar.

    ------------------------------
    naeel mostafa
    ------------------------------


  • 2.  RE: Logs collection from Mysql table

    Posted Tue October 05, 2021 06:40 AM
    You can use the universal log source or any other DSM for that matter, and the JDBC protocol to pull the events.  If you are using SSL to connect to the SQL there could be some certificate stuff that has to be done.  Otherwise tell it the database and table and a comparison value for the last event pulled.  That is all there is to it.

    ------------------------------
    Frank Eargle
    ------------------------------
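
The "comparison value for the last event pulled" from the reply above, modelled as an added example that is not part of the thread and is not QRadar's own code. It assumes a strictly-greater-than comparison, uses an in-memory SQLite database in place of MySQL, and the `app_logs` table, its columns and the sample rows are constructed. It shows why a unique, ever-increasing column makes a safer compare field than a timestamp that several rows can share.

```python
import sqlite3

# Constructed sample rows: (id, ts, raw). Row 3 shares ts=100 with row 2 but
# is written only after the first poll has already run.
FIRST_BATCH = [(1, 99, "login ok user=a"), (2, 100, "login fail user=b")]
LATE_BATCH = [(3, 100, "login fail user=c"), (4, 101, "logout user=a")]


def make_db():
    """Create the hypothetical log table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE app_logs (id INTEGER PRIMARY KEY, ts INTEGER, raw TEXT)")
    return db


def poll(db, compare_field, last_value):
    """Return rows whose compare field is greater than last_value, plus the new checkpoint."""
    if compare_field not in ("id", "ts"):  # allow-list: column names cannot be bound as parameters
        raise ValueError("unexpected compare field")
    rows = db.execute(
        f"SELECT id, ts, raw FROM app_logs WHERE {compare_field} > ? "
        f"ORDER BY {compare_field} ASC",
        (last_value,),
    ).fetchall()
    idx = 0 if compare_field == "id" else 1
    checkpoint = rows[-1][idx] if rows else last_value
    return rows, checkpoint


def collect(compare_field):
    """Run two poll cycles with a late insert in between; return the collected row ids."""
    db = make_db()
    db.executemany("INSERT INTO app_logs VALUES (?, ?, ?)", FIRST_BATCH)
    first, checkpoint = poll(db, compare_field, 0)
    db.executemany("INSERT INTO app_logs VALUES (?, ?, ?)", LATE_BATCH)
    second, _ = poll(db, compare_field, checkpoint)
    return [row[0] for row in first + second]


if __name__ == "__main__":
    print("compare field id:", collect("id"))  # every row is pulled
    print("compare field ts:", collect("ts"))  # row 3 shares ts=100 and is never pulled
```
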



  • 3.  RE: Logs collection from Mysql table

    Posted Tue October 05, 2021 07:43 AM
    Just to add to Frank's note: since it is MySQL, (if not done already) you might need to download the MySQL connector for Red Hat Linux - see this article.

    ------------------------------
    Dusan VIDOVIC
    ------------------------------