IBM Security QRadar

Hi All,

Recently I have installed Qradar CE and what to get the logs from mysql database, so installed JDBC . While creating log source I have selected log source type "Universal DSM" and Protocol "JDBC". In database expect mqsql .. I could see oracle,MSDE,postgres ..etc. pls help how to add mysql in database list.


Thanks & Regards,
Pranes

------------------------------
Pranesh Rajendran
------------------------------

​Hello @Pranesh Rajendran,

You are correct.

To collect MySQL logs into QRadar, create a Universal DSM log source and choose the JDBC protocol as you have done.

If MySQL does not appear as an option under Database Type,  you have to do the following :

QRadar: How to download and install the MySQL driver for a JDBC log source (ibm.com)

Hope this helps,
Zoldax

​​

------------------------------
@zoldax

https://www.youracclaim.com/users/pascal-weber.029e134d/badges
------------------------------

Original Message:
Sent: Fri November 11, 2022 11:42 AM
From: Pranesh Rajendran
Subject: Mysql not listing database type

Hi All,

Recently I have installed Qradar CE and what to get the logs from mysql database, so installed JDBC . While creating log source I have selected log source type "Universal DSM" and Protocol "JDBC". In database expect mqsql .. I could see oracle,MSDE,postgres ..etc. pls help how to add mysql in database list.


Thanks & Regards,
Pranes

------------------------------
Pranesh Rajendran
------------------------------

Thanks Pascal. Initially I installed rpm package .. As you said Now I download the jar file and configured.Now able to list the MYSQL in database type .


------------------------------
Pranesh Rajendran
------------------------------

Original Message:
Sent: Sat November 12, 2022 06:20 AM
From: Pascal Weber
Subject: Mysql not listing database type

​Hello @Pranesh Rajendran,

You are correct.

To collect MySQL logs into QRadar, create a Universal DSM log source and choose the JDBC protocol as you have done.

If MySQL does not appear as an option under Database Type,  you have to do the following :

QRadar: How to download and install the MySQL driver for a JDBC log source (ibm.com)

Hope this helps,
Zoldax

​​

------------------------------
@zoldax

https://www.youracclaim.com/users/pascal-weber.029e134d/badges

Original Message:
Sent: Fri November 11, 2022 11:42 AM
From: Pranesh Rajendran
Subject: Mysql not listing database type

Hi All,

Recently I have installed Qradar CE and what to get the logs from mysql database, so installed JDBC . While creating log source I have selected log source type "Universal DSM" and Protocol "JDBC". In database expect mqsql .. I could see oracle,MSDE,postgres ..etc. pls help how to add mysql in database list.


Thanks & Regards,
Pranes

------------------------------
Pranesh Rajendran
------------------------------

Hi,
in addition to what Pascal mentioned correctly, you may want to create your own DSM type to process all your Mysql event data, categorize them and assign QIDs. DSM editor you are probably already aware of. This will extend your list of logsource types with your own one for Mysql.
https://www.securitylearningacademy.com/enrol/index.php?id=5624 is a good starting point but there are many more entries in security learning academy.
In case you already know, this is for other readers looking for a solution.
Regards
Karl

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------

Original Message:
Sent: Fri November 11, 2022 11:42 AM
From: Pranesh Rajendran
Subject: Mysql not listing database type

Hi All,

Recently I have installed Qradar CE and what to get the logs from mysql database, so installed JDBC . While creating log source I have selected log source type "Universal DSM" and Protocol "JDBC". In database expect mqsql .. I could see oracle,MSDE,postgres ..etc. pls help how to add mysql in database list.


Thanks & Regards,
Pranes

------------------------------
Pranesh Rajendran
------------------------------

Thanks Karl,  Don't have real time experience. let me go through the learning which you shared. 




------------------------------
Pranesh Rajendran
------------------------------

Original Message:
Sent: Mon November 14, 2022 05:08 AM
From: Karl Jaeger
Subject: Mysql not listing database type

Hi,
in addition to what Pascal mentioned correctly, you may want to create your own DSM type to process all your Mysql event data, categorize them and assign QIDs. DSM editor you are probably already aware of. This will extend your list of logsource types with your own one for Mysql.
https://www.securitylearningacademy.com/enrol/index.php?id=5624 is a good starting point but there are many more entries in security learning academy.
In case you already know, this is for other readers looking for a solution.
Regards
Karl

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]

Original Message:
Sent: Fri November 11, 2022 11:42 AM
From: Pranesh Rajendran
Subject: Mysql not listing database type

Hi All,

Recently I have installed Qradar CE and what to get the logs from mysql database, so installed JDBC . While creating log source I have selected log source type "Universal DSM" and Protocol "JDBC". In database expect mqsql .. I could see oracle,MSDE,postgres ..etc. pls help how to add mysql in database list.


Thanks & Regards,
Pranes

------------------------------
Pranesh Rajendran
------------------------------

I need to see  tables record in Qradar Log activity . Qradar Log source status is success and last event is N/A . 


Database - LOGDB
Tables - student_table 

Fields - Personal ID, First name, Last name 

For testing having only two record 

On creating log source :
      In Select  List - * (all), Not sure what value need to be update in Compare Field. 
                              
    
Please let me know, how to pull the tables record . 

Tested : Using Java program I able to connect the database server successfully .

------------------------------
Pranesh Rajendran
------------------------------

Original Message:
Sent: Mon November 14, 2022 05:08 AM
From: Karl Jaeger
Subject: Mysql not listing database type

Hi,
in addition to what Pascal mentioned correctly, you may want to create your own DSM type to process all your Mysql event data, categorize them and assign QIDs. DSM editor you are probably already aware of. This will extend your list of logsource types with your own one for Mysql.
https://www.securitylearningacademy.com/enrol/index.php?id=5624 is a good starting point but there are many more entries in security learning academy.
In case you already know, this is for other readers looking for a solution.
Regards
Karl

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]

Original Message:
Sent: Fri November 11, 2022 11:42 AM
From: Pranesh Rajendran
Subject: Mysql not listing database type

Hi All,

Recently I have installed Qradar CE and what to get the logs from mysql database, so installed JDBC . While creating log source I have selected log source type "Universal DSM" and Protocol "JDBC". In database expect mqsql .. I could see oracle,MSDE,postgres ..etc. pls help how to add mysql in database list.


Thanks & Regards,
Pranes

------------------------------
Pranesh Rajendran
------------------------------