Here is a quick step-by-step guide to collecting audit events from AGS 6 with the Sentinel MySQL collector. I am running the AGS server on Windows with MySQL, but the procedure can easily be adapted to Linux, Oracle or Microsoft SQL Server. AGS 6 keeps its data in the identityiq schema, which is where the objects below are created.
Figure 1: Using a graphical tool to access the MySQL database. The mysql.exe command-line client can also be used, e.g.:
mysql -u root -p
Enter the password at the prompt: writing it on the command line (mysql -u root -p password) does not work as intended, because the space makes MySQL treat "password" as the database name, and a password given as -ppassword would be visible in the process list and the shell history.
Figure 2: The spt_audit_event table, which holds the events generated by AGS users (administrators, reviewers, etc.).
Figure 3: We create a view that Sentinel will read events from. Alternatively, we could have modified the query in the Sentinel collector to read spt_audit_event directly; the view keeps the collector configuration unchanged and lets us decide exactly which columns the collector account can see.
Here is the create view statement. The view is named general_log and its columns (event_time, user_host, thread_id, server_id, command_type, argument) mirror MySQL's own general_log table, which is the layout the Sentinel MySQL collector expects:
-------------------------
create view identityiq.general_log as
select
    CONCAT(FROM_UNIXTIME(LEFT(created, LENGTH(created) - 3)), '.', RIGHT(created, 3)) as event_time,
    action,
    source      as user_host,
    id          as thread_id,
    'localhost' as server_id,
    action      as command_type,
    target      as argument
from identityiq.spt_audit_event;
--------------------------
Note that the created column is a bigint holding the event time as milliseconds since the Unix epoch, which Sentinel cannot parse as a timestamp. The expression above splits off the last three digits (the milliseconds), converts the remaining seconds with FROM_UNIXTIME, and appends the milliseconds again, giving a value such as 2023-11-14 22:13:20.123. FROM_UNIXTIME returns the time in the session time zone of the MySQL server, so make sure Sentinel is configured with the same time zone when it normalizes the events.
You may also have to grant the account Sentinel connects with SELECT on the view and allow it to connect remotely, for example:
------------------
GRANT SELECT ON identityiq.general_log TO 'identityiq'@'%';
------------------
The '%' host part allows this account to log in from any host. For a production system, prefer a dedicated read-only account for the collector whose host part is the address of the Sentinel Collector Manager, so that the AGS application account and its wider privileges are not exposed on the network.
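As an added example that is not part of the original article, the statements below set up a dedicated least-privilege account for the collector and sanity-check the view. The account name sentinel_ro, the address 192.0.2.10 for the Collector Manager and the placeholder password are assumptions to be replaced with your own values; the table, view and column names are the ones used above.

```sql
-- Added example, not from the original article. Assumptions:
--   sentinel_ro   : hypothetical dedicated account for the Sentinel MySQL collector
--   192.0.2.10    : placeholder address of the Sentinel Collector Manager
--   the password literal is a placeholder to be replaced

-- 1. Read-only account that can only connect from the collector host and can only
--    read the view (no access to spt_audit_event or the rest of the identityiq schema).
CREATE USER 'sentinel_ro'@'192.0.2.10' IDENTIFIED BY 'replace-with-a-strong-password';
GRANT SELECT ON identityiq.general_log TO 'sentinel_ro'@'192.0.2.10';

-- 2. Confirm the grant is limited to the view (expect USAGE on *.* plus this one SELECT).
SHOW GRANTS FOR 'sentinel_ro'@'192.0.2.10';

-- 3. Check the epoch-milliseconds to timestamp conversion on a constructed value.
--    1700000000123 ms is 2023-11-14 22:13:20.123 UTC. FROM_UNIXTIME uses the session
--    time zone, so pin it to UTC for the comparison.
SET time_zone = '+00:00';
SELECT CONCAT(FROM_UNIXTIME(LEFT(1700000000123, LENGTH(1700000000123) - 3)),
              '.', RIGHT(1700000000123, 3)) AS event_time;
-- expected: 2023-11-14 22:13:20.123

-- 4. Spot-check real rows: the view keeps spt_audit_event.id as thread_id, so the
--    source row and its converted event_time can be placed side by side.
SELECT a.id, a.created, v.event_time, v.command_type, v.argument
  FROM identityiq.spt_audit_event a
  JOIN identityiq.general_log   v ON v.thread_id = a.id
 ORDER BY a.created DESC
 LIMIT 5;
```

Run steps 1 and 2 as an administrative user on the MySQL server; steps 3 and 4 can be run as sentinel_ro from the collector host to prove that the account both connects remotely and sees correctly converted timestamps before the Sentinel collector is started.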
I hope this quick article proved to be helpful to you.