Documentation Center
AlienVault® USM Anywhere™

Percona Server for MySQL Audit Log

When you configure Percona Server for MySQL Audit Log to send log data to USM Anywhere, you can use the Percona Audit Log plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Percona
Device Type Infrastructure Monitoring
Connection Type Syslog

Integrating Percona Server for MySQL Audit Log

Before you configure the Percona Server for MySQL Audit Log integration, you must have the IP Address of the USM Anywhere Sensor.

To configure Percona Server for MySQL Audit Log to send Syslog messages to USM Anywhere

To stream Percona Server for MySQL Audit Log syslog data to USM Anywhere, you need to set the audit_log_handler variable to SYSLOG. To control the syslog file handler, you can configure the following variables:

  • audit_log_syslog_ident — This variable is used to specify the ident value for syslog. The default value is percona-audit.
  • audit_log_syslog_facility — This variable is used to specify the facility value for syslog. The default value is LOG-USER.
  • audit_log_syslog_priority — This variable is used to specify the priority value for syslog. The default value is LOG-INFO.

Note: The USM Anywhere Sensor IP Address must be set in the rsyslog.conf file.

Plugin Enablement

The plugin full name as appeared in product web UI plugin will automatically process all messages when the raw message contains "audit_record".

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • customfield_0
  • customfield_1
  • customheader_0
  • customheader_1
  • event_action
  • event_description
  • event_name
  • event_receipt_time
  • source_address
  • source_fqdn
  • source_username
  • status

Additional Resources and Troubleshooting

https://www.percona.com/doc/percona-server/LATEST/management/audit_log_plugin.html

For troubleshooting, see the vendor documentation.