DOCUMENT LIBRARY

External Systems Configuration Guide

FortiSIEM External Systems Configuration Guide Online
Change Log
Overview
FortiSIEM External Ports
Supported Devices and Applications by Vendor
Applications
- Application Server
- Authentication Server
- Database Server
- DHCP and DNS Server
- Directory Server
  - Microsoft Active Directory
- Document Management Server
  - Microsoft SharePoint
- Healthcare IT
  - Epic EMR/EHR System
- Mail Server
  - Microsoft Exchange
- Management Server/Appliance
  - Cisco Application Centric Infrastructure (ACI)
  - Fortinet FortiManager
- Remote Desktop
  - Citrix Receiver (ICA)
- Source Code Control
- Unified Communication Server
- Web Server
Blade Servers
- Cisco UCS Server
- HP BladeSystem
Cloud Applications
- Alicide.io KAudit
- AWS Access Key IAM Permissions and IAM Policies
- AWS CloudTrail API
- AWS EC2
- AWS EC2 CloudWatch API
- AWS Kinesis
- AWS RDS
- AWS Security Hub
- Box.com
- Google Apps Audit
- Microsoft Azure Audit
- Microsoft Office365 Audit
- Microsoft Cloud App Security
- Micorosft Azure ATP
- Microsoft Azure Compute
- Microsoft Azure Event Hub
- Microsoft Windows Defender ATP
- Okta
- Salesforce CRM Audit
Console Access Devices
- Lantronix SLC Console Manager
End Point Security Software
- Bit9 Security Platform
- Carbon Black Security Platform
- Cisco AMP Cloud V0
- Cisco AMP Cloud V1
- Cisco Security Agent (CSA)
- CloudPassage Halo
- Crowdstrike
- Digital Guardian CodeGreen DLP
- ESET NOD32 Anti-Virus
- FortiClient
- FortinetFortiEDR
- MalwareBytes
- McAfee ePolicy Orchestrator (ePO)
- MobileIron Sentry and Connector
- Netwrix Auditor
- Palo Alto Traps Endpoint Security Manager
- SentinelOne
- Sophos Central
- Sophos Endpoint Security and Control
- Symantec Endpoint Protection
- Symantec SEPM
- Tanium Connect
- Trend Micro Interscan Web Filter
- Trend Micro Intrusion Defense Firewall (IDF)
- Trend Micro OfficeScan
Environmental Sensors
- APC Netbotz Environmental Monitor
- APC UPS
- Generic UPS
- Liebert FPC
- Liebert HVAC
- Liebert UPS
Firewalls
- Check Point FireWall-1
- Check Point Provider-1
- Check Point VSX
- Cisco Adaptive Security Appliance (ASA)
- Clavister Firewall
- Cyberoam Firewall
- Dell SonicWALL
- Fortinet FortiGate Firewall
- Imperva Securesphere Web App Firewall
- Juniper Networks SSG
- McAfee Firewall Enterprise (Sidewinder)
- Palo Alto
- Sophos UTM
- Stormshield Network Security
- Tigera Calico
- WatchGuard Firebox
Load Balancers and Application Firewalls
- Brocade ServerIron ADX
- Citrix Netscaler Application Delivery Controller (ADC)
- F5 Networks Application Security Manager
- F5 Networks Local Traffic Manager
- F5 Networks Web Accelerator
- Fortinet FortiADC
- Qualys Web Application Firewall
Network Compliance Management Applications
- Cisco Network Compliance Manager
- PacketFence
Network Intrusion Prevention System
- 3COM TippingPoint UnityOne IPS
- AirTight Networks SpectraGuard
- Alert Logic IRIS API
- Cisco FireSIGHT and FirePower Threat Defence
- Cisco Intrusion Prevention System
- Cisco Stealthwatch
- Cylance Protect Endpoint Protection
- Cyphort Cortex Endpoint Protection
- Damballa Failsafe
- Darktrace CyberIntelligence Platform
- FireEye Malware Protection System (MPS)
- FortiDDoS
- Fortinet FortiDeceptor
- Fortinet FortiNAC
- Fortinet FortiSandbox Configuration
- Fortinet FortiTester
- IBM Internet Security Series Proventia
- Indegy Security Platform
- Juniper DDoS Secure
- Juniper Networks IDP Series
- McAfee IntruShield
- McAfee Stonesoft IPS
- Motorola AirDefense
- Nozomi
- Radware DefensePro
- Snort Intrusion Prevention System
- Sourcefire 3D and Defense Center
- Trend Micro Deep Discovery
- Zeek (Bro) Installed on Security Onion
Routers and Switches
- Alcatel TiMOS and AOS Switch
- Arista Router and Switch
- Brocade NetIron CER Routers
- Cisco 300 Series Routers
- Cisco IOS Router and Switch
  - How CPU and Memory Utilization is Collected for Cisco IOS
- Cisco Meraki Cloud Controller and Network Devices
- Cisco NX-OS Router and Switch
- Cisco ONS
- Cisco Viptela SDWAN Router
- Dell Force10 Router and Switch
- Dell NSeries Switch
- Dell PowerConnect Switch and Router
- Foundry Networks IronWare Router and Switch
- HP/3Com ComWare Switch
- HP ProCurve Switch
- HP Value Series (19xx) and HP 3Com (29xx) Switch
- Hirschman SCADA Firewalls and Switches
- Juniper Networks JunOS Switch
- MikroTik Router
- Nortel ERS and Passport Switch
Security Gateways
- Barracuda Networks Spam Firewall
- Blue Coat Web Proxy
- Cisco IronPort Mail Gateway
- Cisco IronPort Web Gateway
- Fortinet FortiMail
- Fortinet FortiWeb
- Imperva Securesphere DB Monitoring Gateway
- Imperva Securesphere DB Security Gateway
- McAfee Vormetric Data Security Manager
- McAfee Web Gateway
- Microsoft ISA Server
- Squid Web Proxy
- SSH Comm Security CryptoAuditor
- Websense Web Filter
Servers
- HP UX Server
- IBM AIX Server
- IBM OS400 Server
- Linux Server
- Microsoft Windows Server
- QNAP Turbo NAS
- Sun Solaris Server
Storage
- Brocade SAN Switch
- Dell Compellant Storage
- Dell EqualLogic Storage
- EMC Clarion Storage
- EMC Isilon Storage
- EMC VNX Storage
- NetApp Data ONTAP
- NetApp Filer Storage
- Nimble Storage
- Nutanix Storage
Threat Intelligence
- FortiInsight
- LastLine
- ThreatConnect
Virtualization
- HyperV
- HyTrust CloudControl
- VMware ESX
VPN Gateways
- Cisco VPN 3000 Gateway
- Cyxtera AppGuard
- Juniper Networks SSL VPN Gateway
- Microsoft PPTP VPN Gateway
- Pulse Secure
Vulnerability Scanners
- AlertLogic
- Green League WVSS
- McAfee Foundstone Vulnerability Scanner
- Nessus Vulnerability Scanner
- Qualys QualysGuard Scanner
- Qualys Vulnerability Scanner
- Rapid7 NeXpose Vulnerability Scanner
- Rapid7 InsightVM
- Tenable.io
- Tenable Nessus Vulnerability Scanner
- Tenable Security Center
- XYLink Vulnerability Scanner
WAN Accelerators
- Cisco Wide Area Application Server
- Riverbed SteelHead WAN Accelerator
Wireless LANs
- Aruba Networks Wireless LAN
- Cisco Wireless LAN
- CradlePoint
- FortiAP
- FortiWLC
- Motorola WiNG WLAN AP
- Ruckus Wireless LAN
Using Virtual IPs to Access Devices in Clustered Environments
Syslog over TLS
SNMP V3 Traps
Flow Support
Appendix
- Access Credentials

Home FortiSIEM 5.3.2 External Systems Configuration Guide

5.3.2

MySQL Server

What is Discovered and Monitored
Configuration
Settings for Access Credentials
Sample events

What is Discovered and Monitored

Protocol	Information discovered	Metrics collected	Used for
SNMP	Application type	Process level CPU and memory utilization	Performance Monitoring
WMI	Application type, service mappings	Process level metrics: uptime, CPU utilization, Memory utilization, Read I/O KBytes/sec, Write I/O KBytes/sec	Performance Monitoring
JDBC		Generic database information: Version, Character Setting
JDBC		Database performance metrics: User COnnections, Table Updates, table Selects, Table Inserts, Table Deletes, Temp Table Creates, Slow Queries, Query cache Hits, Queries registered in cache, Database Questions, Users, Live Threads Table space performance metrics: Table space name, table space type, Character set and Collation, table space usage, table space free space, Database engine, Table version, Table Row Format, Table Row Count, Average Row Length, Index File length, Table Create time, Table Update Time	Performance Monitoring
JDBC	None	Database audit trail: Successful and failed database log on, Database CREATE/DELETE/MODIFY operations, Table CREATE/DELETE/MODIFY/INSERT operations	Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "mysql" in the Device Type and Description columns to see the event types associated with this device.

Rules

In RESOURCE > Rules, search for "mysql" in the Name column to see the rules associated with this application or device.

Reports

In RESOURCE > Reports , search for ""mysql" in the Name and Description columns to see the reports associated with this application or device.

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

JDBC for Database Auditing - MySQL Server

You must configure your MySQL Server to write audit logs to a database table. This topic in the MySQL documentation explains more about how to set the destination tables for log outputs.

Start MySQL server with TABLE output enabled.

bin/mysqld_safe --user=mysql --log-output=TABLE &

SET @old_log_state = @@global.general_log;
SET GLOBAL general_log = 'OFF';
ALTER TABLE mysql.general_log ENGINE = MyISAM;
SET GLOBAL general_log = @old_log_state;
SET GLOBAL general_log = 'ON';

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting	Value
Name	<set name>
Device Type	Generic
Access Protocol	SNMP
Community String	<your own>

Settings for MySQL Server JBDC Access Credentials for Performance Monitoring

Use these Access Method Definition settings to allow FortiSIEM to communicate with your MySQL Server over JDBC for performance monitoring:

Setting	Value
Name	MySQL-Performance-Monitoring
Device Type	Oracle MySQL
Access Protocol	JBDC
Used For	Performance Monitoring
Pull Interval (minutes)	5
Port	3306
User Name	The administrative user for the database server
Password	The password associated with the administrative user

Settings for MySQL Server JBDC Access Credentials for Database Auditing

Use these Access Method Definition settings to allow FortiSIEM to communicate with your MySQL Server over JDBC for database auditing:

Setting	Value
Name	MySQL-Audit
Device Type	Oracle MySQL
Access Protocol	JBDC
Used For	Audit
Pull Interval (minutes)	5
Port	1433
Database Name	<database name> (mysql)
Audit Table	general_log
User Name	The administrative user for the database server
Password	The password associated with the administrative user

Settings for MySQL Server JBDC Access Credentials for Synthetic Transaction Monitoring, Snort Audit, McAfee VulnMgr

Use these Access Method Definition settings to allow FortiSIEM to communicate with your MySQL Server over JDBC for Synthetic Transaction Monitoring, Snort Audit, or McAfee VulnMgr:

Setting	Value
Name	<name>
Device Type	Oracle MySQL
Access Protocol	JBDC
Used For	Synthetic Transaction Monitoring, Snort Audit, or McAfee VulnMgr
Pull Interval (minutes)	5
Port	1433
Database Name	<database name>
User Name	The administrative user for the database server
Password	The password associated with the administrative user

Sample events

System Level Performance Metrics

<134>Apr 21 19:06:07 10.1.2.8 java: [PH_DEV_MON_PERF_MYSQLDB]: [eventSeverity]=PHL_INFO,
[hostIpAddr]=172.16.22.227, [hostName]=MYSQL, [appGroupName]=MySQL Database
Server, [appVersion]=MySQL 5.6.11, [charSetting]=utf8, [dbConnections]=24, [dbComUpdate]=0, [dbComSelect]=1, [dbComInsert]=0,
[dbComDelete]=0, [dbCreatedTmpTables]=0, [dbSlowQueries]=0, [dbQcacheHits]=0, [dbQcacheQueriesinCache]=0,
[dbQuestions]=7, [dbThreadsConnected]=1, [dbThreadsRunning]=1

Table Space Performance Metrics

<134>Apr 29 10:06:07 172.16.22.227 java: [PH_DEV_MON_PERF_MYSQLDB_TABLESPACE]: [eventSeverity]=PHL_INFO, [appGroupName]=MySQL Database Server, 
[instanceName]=mysql, [tablespaceName]=general_log, [tablespaceType]=PERMANENT, [tablespaceUsage]=0.01, [tablespaceFreeSpace]=4193886, 
[dbEngine]=MyISAM, [tableVersion]=10, [tableRowFormat]=dynamic, [tableRows]=124, [tableAvgRowLength]=80, [tableIndexLength]=1024, 
[tableCreateTime]=2013-04-29 15:12:30, [tableUpdateTime]=2013-04-29 12:35:46, [tableCollation]=utf8_general_ci

System Level Performance Metrics

<134>Apr 21 19:06:07 10.1.2.8 java: [PH_DEV_MON_PERF_MYSQLDB]: [eventSeverity]=PHL_INFO,
[hostIpAddr]=172.16.22.227, [hostName]=MYSQL, [appGroupName]=MySQL Database
Server, [appVersion]=MySQL 5.6.11, [charSetting]=utf8, [dbConnections]=24, [dbComUpdate]=0, [dbComSelect]=1, [dbComInsert]=0,
[dbComDelete]=0, [dbCreatedTmpTables]=0, [dbSlowQueries]=0, [dbQcacheHits]=0, [dbQcacheQueriesinCache]=0,
[dbQuestions]=7, [dbThreadsConnected]=1, [dbThreadsRunning]=1

Logon/Logoff Events

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_ Logon_Success]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [logonTime]=2013-04-29 15:14:54, [logoffTime]=, [actionName]=Connect, [msg]=admin@172.16.22.227 on

<134>Apr 10 14:29:22 abc-desktop java: [MYSQL_Logoff]:[eventSeverity]=PHL_INFO, [eventTime]=2013-04-10 14:29:22, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [logonTime]=, [logoffTime]=2014-04-10 14:29:22, [actionName]=quit, [msg]=

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_ Logon_Fail]: [eventSeverity]=PHL_WARN, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227,
 [srcIp]=172.16.22.227, [user]=admin, [logonTime]=2013-04-29 15:14:54, [logoffTime]=, [actionName]=Connect, 
[msg]=Access denied for user 'admin'@'172.16.22.227' (using password: YES)

Database CREATE/DELETE/MODIFY Events

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Create_database]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=create database sliutest

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Drop_database]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=drop database sliutest

Table CREATE/DELETE/MODIFY Events

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Create_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=CREATE TABLE tutorials_tbl(     tutorial_id INT NOT NULL AUTO_INCREMENT, 
tutorial_title VARCHAR(100) NOT NULL,     tutorial_author VARCHAR(40) NOT NULL,     submission_date DATE,     PRIMARY KEY ( tutorial_id )    )

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Delete_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=DELETE FROM tutorials_tbl WHERE tutorial_id=2NOT NULL,     
tutorial_author VARCHAR(40) NOT NULL,     submission_date DATE,     PRIMARY KEY ( tutorial_id )    

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Insert_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=INSERT INTO tutorials_tbl       (tutorial_title, tutorial_author, submission_date)  
    VALUES      ("Learn Java", "John Smith", NOW())

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Drop_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=DROP table sliutable

What is Discovered and Monitored

Protocol	Information discovered	Metrics collected	Used for
SNMP	Application type	Process level CPU and memory utilization	Performance Monitoring
WMI	Application type, service mappings	Process level metrics: uptime, CPU utilization, Memory utilization, Read I/O KBytes/sec, Write I/O KBytes/sec	Performance Monitoring
JDBC		Generic database information: Version, Character Setting
JDBC		Database performance metrics: User COnnections, Table Updates, table Selects, Table Inserts, Table Deletes, Temp Table Creates, Slow Queries, Query cache Hits, Queries registered in cache, Database Questions, Users, Live Threads Table space performance metrics: Table space name, table space type, Character set and Collation, table space usage, table space free space, Database engine, Table version, Table Row Format, Table Row Count, Average Row Length, Index File length, Table Create time, Table Update Time	Performance Monitoring
JDBC	None	Database audit trail: Successful and failed database log on, Database CREATE/DELETE/MODIFY operations, Table CREATE/DELETE/MODIFY/INSERT operations	Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "mysql" in the Device Type and Description columns to see the event types associated with this device.

Rules

In RESOURCE > Rules, search for "mysql" in the Name column to see the rules associated with this application or device.

Reports

In RESOURCE > Reports , search for ""mysql" in the Name and Description columns to see the reports associated with this application or device.

Configuration

SNMP

JDBC for Database Auditing - MySQL Server

You must configure your MySQL Server to write audit logs to a database table. This topic in the MySQL documentation explains more about how to set the destination tables for log outputs.

Start MySQL server with TABLE output enabled.

bin/mysqld_safe --user=mysql --log-output=TABLE &

SET @old_log_state = @@global.general_log;
SET GLOBAL general_log = 'OFF';
ALTER TABLE mysql.general_log ENGINE = MyISAM;
SET GLOBAL general_log = @old_log_state;
SET GLOBAL general_log = 'ON';

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting	Value
Name	<set name>
Device Type	Generic
Access Protocol	SNMP
Community String	<your own>

Settings for MySQL Server JBDC Access Credentials for Performance Monitoring

Use these Access Method Definition settings to allow FortiSIEM to communicate with your MySQL Server over JDBC for performance monitoring:

Setting	Value
Name	MySQL-Performance-Monitoring
Device Type	Oracle MySQL
Access Protocol	JBDC
Used For	Performance Monitoring
Pull Interval (minutes)	5
Port	3306
User Name	The administrative user for the database server
Password	The password associated with the administrative user

Settings for MySQL Server JBDC Access Credentials for Database Auditing

Use these Access Method Definition settings to allow FortiSIEM to communicate with your MySQL Server over JDBC for database auditing:

Setting	Value
Name	MySQL-Audit
Device Type	Oracle MySQL
Access Protocol	JBDC
Used For	Audit
Pull Interval (minutes)	5
Port	1433
Database Name	<database name> (mysql)
Audit Table	general_log
User Name	The administrative user for the database server
Password	The password associated with the administrative user

Settings for MySQL Server JBDC Access Credentials for Synthetic Transaction Monitoring, Snort Audit, McAfee VulnMgr

Use these Access Method Definition settings to allow FortiSIEM to communicate with your MySQL Server over JDBC for Synthetic Transaction Monitoring, Snort Audit, or McAfee VulnMgr:

Setting	Value
Name	<name>
Device Type	Oracle MySQL
Access Protocol	JBDC
Used For	Synthetic Transaction Monitoring, Snort Audit, or McAfee VulnMgr
Pull Interval (minutes)	5
Port	1433
Database Name	<database name>
User Name	The administrative user for the database server
Password	The password associated with the administrative user

Sample events

System Level Performance Metrics

<134>Apr 21 19:06:07 10.1.2.8 java: [PH_DEV_MON_PERF_MYSQLDB]: [eventSeverity]=PHL_INFO,
[hostIpAddr]=172.16.22.227, [hostName]=MYSQL, [appGroupName]=MySQL Database
Server, [appVersion]=MySQL 5.6.11, [charSetting]=utf8, [dbConnections]=24, [dbComUpdate]=0, [dbComSelect]=1, [dbComInsert]=0,
[dbComDelete]=0, [dbCreatedTmpTables]=0, [dbSlowQueries]=0, [dbQcacheHits]=0, [dbQcacheQueriesinCache]=0,
[dbQuestions]=7, [dbThreadsConnected]=1, [dbThreadsRunning]=1

Table Space Performance Metrics

<134>Apr 29 10:06:07 172.16.22.227 java: [PH_DEV_MON_PERF_MYSQLDB_TABLESPACE]: [eventSeverity]=PHL_INFO, [appGroupName]=MySQL Database Server, 
[instanceName]=mysql, [tablespaceName]=general_log, [tablespaceType]=PERMANENT, [tablespaceUsage]=0.01, [tablespaceFreeSpace]=4193886, 
[dbEngine]=MyISAM, [tableVersion]=10, [tableRowFormat]=dynamic, [tableRows]=124, [tableAvgRowLength]=80, [tableIndexLength]=1024, 
[tableCreateTime]=2013-04-29 15:12:30, [tableUpdateTime]=2013-04-29 12:35:46, [tableCollation]=utf8_general_ci

System Level Performance Metrics

<134>Apr 21 19:06:07 10.1.2.8 java: [PH_DEV_MON_PERF_MYSQLDB]: [eventSeverity]=PHL_INFO,
[hostIpAddr]=172.16.22.227, [hostName]=MYSQL, [appGroupName]=MySQL Database
Server, [appVersion]=MySQL 5.6.11, [charSetting]=utf8, [dbConnections]=24, [dbComUpdate]=0, [dbComSelect]=1, [dbComInsert]=0,
[dbComDelete]=0, [dbCreatedTmpTables]=0, [dbSlowQueries]=0, [dbQcacheHits]=0, [dbQcacheQueriesinCache]=0,
[dbQuestions]=7, [dbThreadsConnected]=1, [dbThreadsRunning]=1

Logon/Logoff Events

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_ Logon_Success]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [logonTime]=2013-04-29 15:14:54, [logoffTime]=, [actionName]=Connect, [msg]=admin@172.16.22.227 on

<134>Apr 10 14:29:22 abc-desktop java: [MYSQL_Logoff]:[eventSeverity]=PHL_INFO, [eventTime]=2013-04-10 14:29:22, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [logonTime]=, [logoffTime]=2014-04-10 14:29:22, [actionName]=quit, [msg]=

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_ Logon_Fail]: [eventSeverity]=PHL_WARN, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227,
 [srcIp]=172.16.22.227, [user]=admin, [logonTime]=2013-04-29 15:14:54, [logoffTime]=, [actionName]=Connect, 
[msg]=Access denied for user 'admin'@'172.16.22.227' (using password: YES)

Database CREATE/DELETE/MODIFY Events

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Create_database]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=create database sliutest

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Drop_database]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=drop database sliutest

Table CREATE/DELETE/MODIFY Events

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Create_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=CREATE TABLE tutorials_tbl(     tutorial_id INT NOT NULL AUTO_INCREMENT, 
tutorial_title VARCHAR(100) NOT NULL,     tutorial_author VARCHAR(40) NOT NULL,     submission_date DATE,     PRIMARY KEY ( tutorial_id )    )

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Delete_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=DELETE FROM tutorials_tbl WHERE tutorial_id=2NOT NULL,     
tutorial_author VARCHAR(40) NOT NULL,     submission_date DATE,     PRIMARY KEY ( tutorial_id )    

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Insert_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=INSERT INTO tutorials_tbl       (tutorial_title, tutorial_author, submission_date)  
    VALUES      ("Learn Java", "John Smith", NOW())

<134>Apr 29 15:14:54 abc-desktop java: [MYSQL_Drop_table]: [eventSeverity]=PHL_INFO, [eventTime]=2013-04-29 15:14:54, [rptIp]=172.16.22.227, 
[srcIp]=172.16.22.227, [user]=admin, [actionName]=Query, [msg]=DROP table sliutable

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

External Systems Configuration Guide

MySQL Server

MySQL Server

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

SNMP

JDBC for Database Auditing - MySQL Server

Settings for Access Credentials

Sample events

System Level Performance Metrics

Table Space Performance Metrics