Hi Thorne and Dan,

I just released a snapshot (alpha stage) with some rules/decoders for mysql error and generic query logs:

http://www.ossec.net/files/snapshots/ossec-hids-070828.tar.gz

You just need to add your mysql log file to the ossec config:

  <localfile>
    <log_format>mysql_log</log_format>
    <location>/var/log/mysql/sys.err</location>
  </localfile>

And it should just work (same format for the mysql query log).

Btw, this snapshot also comes with MySQL/PostgreSQL database support for storing the alerts. If anyone is interested, just come by our irc channel (#ossec on freenode) and we will help you to set it up (docs not ready yet).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 8/23/07, Thorne Lawler <[EMAIL PROTECTED]> wrote:
>
> Dan,
>
> Please let me know if you find any, that would be very handy. What would
> be even better would be some kind of ossec plugin to mysql to do sql-level
> sanity-checking and log issues through the ossec alert mechanism.
>
> As an alternative, if anyone knows of a sql-checking gadget for mysql of
> some kind which logs to syslog, that would make ossec rules much easier.
>
> --
> Thorne Lawler
>
> Technical Consultant
> ICT Outsourcing Services | Infrastructure Services | Unix Storage and
> Delivery
> KAZ Group Pty Ltd
> 360 Elizabeth Street | Melbourne Victoria 3000
> (03) 9631 1747 | 0408 491 552 | Fax: (03) 9654 7334
> [EMAIL PROTECTED] | www.kaz-group.com
> --------------------------------------------------------------------------------
> This communication may contain confidential information and/or copyright
> material of KAZ Group Pty Ltd ABN 25 002 124 405 and its related bodies
> corporate. It may also be the subject of legal professional privilege. If
> you are not an intended recipient, you must not keep, forward, copy, use,
> save or rely on this communication and any such action is unauthorised and
> prohibited. If you have received this communication in error, please reply
> to this e-mail to notify the sender of its incorrect delivery, and then
> delete both it and your reply
>
> Dan <[EMAIL PROTECTED]>
> Sent by: ossec-list@googlegroups.com
> 23/08/2007 05:26 PM
> Please respond to: ossec-list@googlegroups.com
> To: ossec-list@googlegroups.com
> cc:
> Subject: [ossec-list] MySQL
>
> Hi
>
> I'm looking for MySQL rules for Ossec 1.3! Is there anyone who has
> such rules?
>
> Thanks for your help.
>
> Regards,
> Daniel
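
The following is an added example, not part of the original mail or of the OSSEC project: a small check that an ossec.conf really monitors the MySQL log with the mysql_log format shown in the message above. The sample configuration is constructed, and the function names are hypothetical; the code allows for a file holding more than one <ossec_config> block.

```python
import xml.etree.ElementTree as ET

# Constructed sample ossec.conf. A file may hold several <ossec_config>
# blocks, so as a whole it is not a single-root XML document.
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>mysql_log</log_format>
    <location>/var/log/mysql/sys.err</location>
  </localfile>
  <localfile>
    <log_format>mysql_log</log_format>
  </localfile>
</ossec_config>
"""

def localfiles(conf_text):
    """Return (log_format, location) for every <localfile> entry."""
    # Wrap in a synthetic root so multiple <ossec_config> blocks parse.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    entries = []
    for lf in root.iter("localfile"):
        fmt = (lf.findtext("log_format") or "").strip()
        loc = (lf.findtext("location") or "").strip()
        entries.append((fmt, loc))
    return entries

def check_mysql_log(conf_text, wanted_path):
    """Report whether wanted_path is monitored as mysql_log, plus problems."""
    problems = []
    monitored = False
    for fmt, loc in localfiles(conf_text):
        if fmt == "mysql_log" and not loc:
            problems.append("mysql_log entry without <location>")
        elif loc == wanted_path and fmt != "mysql_log":
            problems.append(f"{loc} is read as {fmt!r}, not mysql_log")
        elif fmt == "mysql_log" and loc == wanted_path:
            monitored = True
    return monitored, problems

if __name__ == "__main__":
    print(check_mysql_log(SAMPLE_CONF, "/var/log/mysql/sys.err"))
```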