1 Reply Latest reply on Feb 6, 2015 9:55 PM by ryan.fitzpatrick

    how to get database log in SIEM

    19anand90

      I tried to add DBM in SIEM but it is giving some SSH connection error. I tried so many times but am not able to add DBM. Is using DBM the right way to send database logs to SIEM?

        • 1. Re: how to get database log in SIEM
          ryan.fitzpatrick

          The DBM is part of the McAfee SIEM Suite of products. It sits off a span port where database traffic is replicated to it. The DBM then acts as a database, receives the connection, interprets the command that was run, and writes it as a log of where the command was sent, what command was sent, and who sent the command.

           

          The DBM itself does not collect database logs; it listens for database commands issued remotely. Local database commands are not transmitted over the wire and are therefore not spanned through the network.

           

          What you are trying to get from the database determines what you would need. SQL Audit logs can be collected via WMI Application logs on the DB server if it is Windows. If a Linux OS is being used, the logs should be written to a file somewhere and you can grab the logs with a file grab, or you can also grab certain logs from the database by setting up the information on the receiver data source if it is a supported log type.