Hi David,


Output mysql  -e "show variables like '%log%';"



| general_log_file | /var/lib/mysql/usyslog.log |

| log_error        | /var/log/mysql/error.log   |









root@usyslog:/var/log/mysql# pwd

/var/log/mysql

root@usyslog:/var/log/mysql# ls -ltr

total 20

-rw-r----- 1 mysql adm 1922 out  3 10:43 error.log.5.gz

-rw-r----- 1 mysql adm   20 out  4 00:00 error.log.4.gz

-rw-r----- 1 mysql adm   20 out  5 00:00 error.log.3.gz

-rw-r----- 1 mysql adm   20 out  6 00:00 error.log.2.gz

-rw-r----- 1 mysql adm   32 out  7 00:00 error.log.1.gz

-rw-r----- 1 mysql adm    0 out  8 00:00 error.log

root@usyslog:/var/log/mysql#



There isn’t any error



Tks



João Carlos Garcia





-----Original Message-----
From: David Lang <da...@lang.hm>
Sent: Monday, October 7, 2024 8:25 PM
To: João Carlos Garcia via rsyslog <rsyslog@lists.adiscon.com>
Cc: João Carlos Garcia <jc.gar...@5wi.com.br>
Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate



are there any errors in the MariaDB logs?



David Lang



On Mon, 7 Oct 2024, João Carlos Garcia via rsyslog wrote:



> Date: Mon, 7 Oct 2024 23:16:28 +0000

> From: João Carlos Garcia via rsyslog <rsyslog@lists.adiscon.com>

> To: rsyslog-users <rsyslog@lists.adiscon.com>

> Cc: João Carlos Garcia <jc.gar...@5wi.com.br>

> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate

>

> Brendan

>

> This isn't a production environment, but I did the changes:

>

>          if $fromhost-ip == '172.16.0.12' then

>          {

>                     action(type="ommysql" server="localhost" db="fortigate_logs" uid="rsyslog" pwd="xxxxxxxxxxxxx")

>          }

>

> But no data is logged to database but is logged to /var/log/syslog. Don't 
> know!

>

> Tks,

>

> João Carlos Garcia

>

> -----Original Message-----

> From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Brendan Kearney via rsyslog

> Sent: Monday, October 7, 2024 9:18 AM

> To: rsyslog@lists.adiscon.com

> Cc: Brendan Kearney <bpk...@gmail.com>

> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate

>

> On 10/6/24 7:28 PM, João Carlos Garcia via rsyslog wrote:

>> Hi everyone .. No firewall installed

>>

>> root@usyslog:~# ufw status

>> Status: inactive

>>

>> root@usyslog:~# iptables -L

>> Chain INPUT (policy ACCEPT)

>> target     prot opt source               destination

>>

>> Chain FORWARD (policy ACCEPT)

>> target     prot opt source               destination

>>

>> Chain OUTPUT (policy ACCEPT)

>> target     prot opt source               destination

>>

>> root@usyslog:~# sestatus

>> Command 'sestatus' not found, but can be installed with:

>> apt install policycoreutils

>>

>> root@usyslog:~# setenforce 0

>> Command 'setenforce' not found, but can be installed with:

>> apt install selinux-utils

>>

>> Any other clue?

>>

>> Tks

>> João Garcia

>>

>>

>> -----Original Message-----

>> From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Mauricio Tavares via rsyslog

>> Sent: Saturday, October 5, 2024 1:47 PM

>> To: rsyslog-users <rsyslog@lists.adiscon.com>

>> Cc: Mauricio Tavares <raubvo...@gmail.com>

>> Subject: Re: [rsyslog] rsyslog + MariaDB + Fortigate

>>

>> On Sat, Oct 5, 2024 at 8:47 AM João Carlos Garcia via rsyslog <rsyslog@lists.adiscon.com> wrote:

>>> Brendan,

>>>

>>> Thanks for your help, I see the packets now have length > 0, but the data 
>>> is not written to the database.

>>>

>>> Is this correct?

>>>

>>> $AllowedSender TCP, 172.16.0.12/24

>>>

>>> if $fromhost-ip == '172.16.0.12' then {

>>>           action(type="ommysql" server="localhost" db="fortigate_logs" uid="root" pwd="password") }

>>>

>>> Thanks,

>>>

>>> João Carlos Garcia

>>>

>>         Do you have a firewall running in this host?

>> _______________________________________________

>> rsyslog mailing list

>> https://lists.adiscon.net/mailman/listinfo/rsyslog

>> http://www.rsyslog.com/professional-services/

>> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This 
>> is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our 
>> control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.


>

> i would check your DB rights/permissions.  it's bad practice to use root as an 
> identity for DB access.  try to access the DB using the creds you provide to 
> the rsyslog daemon and validate that there are no issues.  i create a 
> specific user for rsyslog to access the log DB that i have, and don't use 
> system IDs like root. you might need to create a user and provide that user 
> the necessary permissions to the appropriate DB. check out this article...

>

> https://mariadb.com/kb/en/mariadb-authorization-and-permissions-for-sql-server-users/

>

> HTH,

>

> brendan

>

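The check Brendan describes in the quoted thread (a dedicated database account for rsyslog with only the permissions it needs, then a test using those same credentials) can be written out as follows. This is an added example, not something posted by anyone in the thread. It assumes the `ommysql` action has no `template=` parameter, as in the configuration quoted above, so rsyslog's default template applies and inserts into a table named `SystemEvents`; the password is a placeholder.

```sql
-- Added example. Part 1: run as an administrative MariaDB account.

-- 1. Confirm the table the default ommysql template writes to exists in
--    the database named in the action (db="fortigate_logs").
SELECT table_name
  FROM information_schema.tables
 WHERE table_schema = 'fortigate_logs'
   AND table_name   = 'SystemEvents';

-- 2. Dedicated, local-only account instead of root.
--    The action uses server="localhost", so the host part is 'localhost'.
CREATE USER IF NOT EXISTS 'rsyslog'@'localhost'
  IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';

-- 3. Least privilege: the log writer only ever needs INSERT on that one
--    table. This statement fails with "table doesn't exist" if step 1
--    returned no row, which is itself a useful finding.
GRANT INSERT ON fortigate_logs.SystemEvents TO 'rsyslog'@'localhost';

-- 4. Review what the account can actually do.
SHOW GRANTS FOR 'rsyslog'@'localhost';

-- Part 2: reconnect with the credentials rsyslog uses, for example
--   mysql -u rsyslog -p fortigate_logs
-- and insert a constructed row with the columns of the default template.
INSERT INTO SystemEvents
  (Message, Facility, FromHost, Priority,
   DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag)
VALUES
  ('constructed test row', 1, '172.16.0.12', 5,
   NOW(), NOW(), 1, 'test:');

-- 5. Negative check: with INSERT as the only grant, this read is denied.
SELECT COUNT(*) FROM SystemEvents;
```

If the insert in Part 2 succeeds while rsyslog still writes nothing, the account and its grants are ruled out and the next place to look is rsyslog's own error output for the `ommysql` action.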