- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
Set Up MySQL Collector
If you use MySQL Relational Database Management Systems (RDBMS), set up the MySQL collector to pull logs from your RDBM sources. The MySQL collector is a set of Site Collector flows, pre-built processors, groups, custom processors, other components, and integrations that pull logs in JSON format from your databases and push the logs to Exabeam Security Operations Platform.
To set up a MySQL collector:
Log in to the Exabeam Security Operations Platform with your registered credentials.
Navigate to Collectors > Site Collectors.
Ensure that Site Collector is installed and in running state.
On the Site Collector page, click the Collectors Library tab, then click MySQL.
In the Definition section, enter the following required information.
Collector Name – Specify a name for the MySQL collector.
Note
Ensure that you specify different names for Site Collector instance and the collector.
Site Collector Instance – Select the site collector instance for which you want to set up the MySQL collector.
MySQL Hostname or IP – Enter the hostname or IP address of the MySQL database server from which you want the MySQL collector to pull logs.
Port – Enter the port number of your MySQL server.
Database – Enter the database name of the destination.
Click Next.
In the Authentication section, enter the username and password of an existing database user of your MySQL server, for establishing the connection with the MySQL source.
Click Next.
In the Data section, enter the required information as follows.
Fetch Interval – Select the time interval within which you want the MySQL collector to pull logs. For example: 30 sec, 1 min, 2 min, 3 min, 4 min, and 5 min.
Search Query – Enter the details for following fields:
Iterator Column – Enter the value that will be used for incremental data pull. Ensure that the column value is unique, and is returned in the query result set.
Iterator column initial value – Enter the value for the initial data pull. Use the iterator column initial value to pull historical data.
Query – Enter the MySQL query to specify the type of data that you want the collector to pull.
For example: To fetch logs from the MySQL database, use the following query.
SELECT * FROM <table> WHERE 1=1
The Iterator column value must be returned as a uniquely named column in the dataset. If you use joins, use AS to specify a rename for the iterator. For example:
Select table1.id as iterator, table2.id, table2.value from table1 join table2 on table1.id = table2.fk where table2.value > 0
Query Preview – View the preview of the query that you enter.
Click Setup.
The MySQL collector is set up and is ready to pull logs from your MySQL database.
After the MySQL collector is set up, Site Collector Core starts pulling logs periodically based on the query entered by the user and uploads logs to Exabeam Security Operations Platform. If the MySQL database is not available, Site Collector core resumes pulling logs from the place where it stopped.
Note
BLOB fields collection is not supported.
In case of installation failure, the collector is disabled, and the configuration is saved. You can check the status of the collector by accessing the user interface or by using the support package.