are there any errors in the MariaDB logs? David Lang
On Mon, 7 Oct 2024, João Carlos Garcia via rsyslog wrote:
Date: Mon, 7 Oct 2024 23:16:28 +0000 From: João Carlos Garcia via rsyslog <rsyslog@lists.adiscon.com> To: rsyslog-users <rsyslog@lists.adiscon.com> Cc: João Carlos Garcia <jc.gar...@5wi.com.br> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate Brendan This isn't a production environment, but I did the changes: if $fromhost-ip == '172.16.0.12' then { action(type="ommysql" server="localhost" db="fortigate_logs" uid="rsyslog" pwd="xxxxxxxxxxxxx") } But no data is logged to database but is logged to /var/log/syslog. Don't know! Tks, João Carlos Garcia -----Original Message----- From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Brendan Kearney via rsyslog Sent: Monday, October 7, 2024 9:18 AM To: rsyslog@lists.adiscon.com Cc: Brendan Kearney <bpk...@gmail.com> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate On 10/6/24 7:28 PM, João Carlos Garcia via rsyslog wrote:Hi everyone .. No firewall installed root@usyslog:~# ufw status Status: inactive root@usyslog:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@usyslog:~# sestatus Command 'sestatus' not found, but can be installed with: apt install policycoreutils root@usyslog:~# setenforce 0 Command 'setenforce' not found, but can be installed with: apt install selinux-utils Any other clue? Tks João Garcia -----Original Message----- From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Mauricio Tavares via rsyslog Sent: Saturday, October 5, 2024 1:47 PM To: rsyslog-users <rsyslog@lists.adiscon.com> Cc: Mauricio Tavares <raubvo...@gmail.com> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate On Sat, Oct 5, 2024 at 8:47 AM João Carlos Garcia via rsyslog <rsyslog@lists.adiscon.com> wrote:Brendan, Thanks for your help, I see the packets now have length > 0, but the data is not written to the database. Is this correct? $AllowedSender TCP, 172.16.0.12/24 if $fromhost-ip == '172.16.0.12' then { action(type="ommysql" server="localhost" db="fortigate_logs" uid="root" pwd="password") } Thanks, João Carlos GarciaDo you have a firewall running in this host? _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.i would check you DB rights/permissions. it's bad practice to use root as an identity for DB access. try to access the DB using the creds you provide to the rsyslog daemon and validate that there are no issues. i create a specific user for rsyslog to access the log DB that i have, and dont use system IDs like root. you might need to create a user and provide that user the necessary permissions to the appropriate DB. check out this article... https://mariadb.com/kb/en/mariadb-authorization-and-permissions-for-sql-server-users/ HTH, brendan _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
