Hi, I've got OSSEC 2.4 running nicely. I have agents on ~30 servers. I have data being reported, and stored in a MySQL database. I have Splunk 4.1.4 Free doing some nice trend reporting too. I have the OSSEC-WUI going too.
I have all this raw data in MySQL. I'd like to do some reporting on it. I've been trying to use the OpenOffice Base tool with the native connector to MySQL to build some queries. I've dumped that db from my production server and reloaded it (actually done a db sync) on another MySQL server to do reporting from (aka a data warehouse). I've used MySQL Workbench to find the primary and secondary keys on the tables, but I'm having problems getting data to appear in my queries. Has anyone else tried this? What tables & keys are you using?
