Versions Compared

Version Old Version 1 New Version Current
Changes made by

Aparna Rr

Aparna Rr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel1
maxLevel3
outlinefalse
styledisc
typelist
printabletrue

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in

Accenture MDR Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table 1-1: Port requirements for LCP communication.

Source

Destination

Destination Port

Description

MariaDB Server

LCP

10014 (Secure TCP)

Default port

Configuring MariaDB Event Collector

The below steps are validated on following Linux distribution - Ubuntu 24.04.1 LTS.

Pre-requisites

  • Ensure MariaDB Server is installed and running in the machine.

  • Ensure that mariadb server_audit plugin library must be located in the mariadb plugin directory. This library can be found named as the server_audit.so or server_audit.dll as shared library in MariaDB packages directory with default installation.

Install and Configure MariaDB Server Audit Plugin

  1. Login into CLI with root or similar privileges.

  2. Add following configuration in the various config blocks of mariadb configuration file /etc/mysql/mariadb.conf.d/50-server.cnf to enable logging using Server Audit Plugin.

    1. Under [server] block add following lines:

      Code Block
      [server]
plugin_load_add = server_audit
server_audit_logging=ON

       

    2. Under [mysqld] block add following lines -

      Code Block
      [mysqld]
server_audit_events=connect,query,table
server_audit_output_type=file

       

      image-20250204-132442.png

    3. Optional Step - If customer wishes to implement log file rotation then it can be done by adding following lines under [mysqld] block.

      Code Block
      server_audit_file_rotate_now=ON
server_audit_file_rotate_size=1000000
server_audit_file_rotations=5

       

      image-20250212-135017.png

       

  3. Restart mariadb service.

    Code Block
    systemctl restart mariadb.service

After restarting the mariadb service, it should start logging in the file.
If default settings are implimented then logs should be written under default directory path /var/lib/mysql/server_audit.log

NxLog Configuration

Info

Contact MxDR on-boarding engineer to get CyberHub certificate.

...

Logs does not contain time zone information so it is recommended sending logs in UTC.

LCP Configuration Parameters

Table 1-2: The MariaDB event collector (Generic- 4039) properties to be configured by MDR are shown in the table.

...