This pack includes XSIAM content.
Collect Events from Vendor
MySQL Enterprise Server Configuration
- Install the audit log plugin
- After installing the audit log plugin, verify that the following two lines are in the `my.cnf` file:

```ini
plugin-load = audit_log.so
audit_log_format=JSON
```
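One way to script the verification step above is shown here as an added example; it is not part of this pack. The function names and sample files are hypothetical, and the code assumes the two settings live in the `[mysqld]` group of the option file, which the page does not state.

```python
"""Added example: check a my.cnf for the two audit-log settings this page requires."""
import re

# Values exactly as the page gives them. Option names are normalised to
# underscores because MySQL accepts "-" and "_" interchangeably in them.
REQUIRED = {"plugin_load": "audit_log.so", "audit_log_format": "JSON"}


def parse_mysqld_options(text):
    """Return {option: value} for the [mysqld] group of an option file."""
    options, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or full-line comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                           # start of a new option group
            group = header.group(1).strip().lower()
            continue
        if group != "mysqld":                # assumption: server settings only
            continue
        name, _, value = line.partition("=")
        value = value.split(" #", 1)[0].strip().strip("'\"")
        options[name.strip().lower().replace("-", "_")] = value
    return options


def missing_audit_settings(text):
    """List the required settings that are absent or set to another value."""
    found = parse_mysqld_options(text)
    problems = []
    for name, want in REQUIRED.items():
        got = found.get(name)
        if got is None:
            problems.append(f"{name} is not set (expected {want})")
        elif got != want:
            problems.append(f"{name} = {got} (expected {want})")
    return problems


# Constructed sample option files, not taken from a real server.
GOOD = "[client]\nport=3306\n\n[mysqld]\n# audit\nplugin-load = audit_log.so\naudit_log_format=JSON\n"
BAD = "[mysqld]\nplugin_load=audit_log.so\n#audit_log_format=JSON\naudit-log-format = NEW\n"

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, missing_audit_settings(sample) or "ok")
```

A commented-out setting or one placed in another group such as `[client]` is reported as not set, which is the case that silently leaves the collector with no JSON audit events to read.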
XDRC (XDR Collector)
You will need to use the information described here.\
You can configure the vendor and product by replacing [vendor]_[product]_raw with mysql_enterprise_raw.\
When configuring the instance, use a YAML file that sets the vendor and product, as in this example:
```yaml
filebeat.inputs:
- type: filestream
  enabled: true
  json.keys_under_root: true
  json.add_error_key: true
  paths:
    - /var/lib/mysql/audit.log
  processors:
    - add_fields:
        fields:
          vendor: mysql
          product: enterprise
```