The log analysis software Secilog 1.18 has been released. This version adds MySQL database audit, adds several Web reports, and makes log queries friendlier. The previous article covered 1.17 for anyone who wants the background. This upgrade mainly adds the following features:
Added MySQL database audit
There are several ways to audit MySQL. The most common is to analyze MySQL's binlog, but binlog analysis is not real-time, and because the binlog is a binary format it has to be decoded by a third-party tool before it can be analyzed; it also only records data-changing statements, so SELECT queries and login attempts never appear in it. Another common way is to capture MySQL requests off the wire with a sniffer, which sees every statement the server receives, and that is the approach we mainly use to analyze MySQL logs.
Collecting MySQL traffic with the sniffer requires installing an agent. The agent's source is at https://github.com/zhulinu/secimysql.
After downloading, compile the agent. Once it is built, configure syslog. Add a line to /etc/rsyslog.conf, replacing ip with the address of the Secilog server (a single @ forwards over UDP, which is lossy under load; @@ip would forward over TCP):
local0.*    @ip
The rule for /var/log/messages must also be changed, otherwise every record is written to the local messages file as well and shows up twice. Change
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
to
*.info;mail.none;authpriv.none;cron.none;local0.none    /var/log/messages
and restart rsyslog so the new rules take effect. Then start the sniffer listening in the background:
nohup ./mysqlsniffer eth0 --port 3306 --no-mysql-hdrs &
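The rsyslog steps above are easy to get subtly wrong (a duplicated forwarding rule, or a messages rule that was already edited once). The following script is an added example, not code from Secilog or the secimysql agent: it applies the two edits to the text of an rsyslog.conf and returns the result so it can be reviewed before anything is written to /etc, and it builds the agent's command line exactly as the post starts it. It assumes the agent logs to facility local0, as the post states, and that the messages rule looks like the one quoted above; the collector address 192.0.2.10 used in the comments is a placeholder.

```python
"""Added example, not Secilog's or the secimysql agent's own code: apply the
two rsyslog.conf edits from the steps above to the file's text and return
the result, so the change can be reviewed before it is written to /etc.
Assumptions: the agent logs to facility local0 (as the post states) and the
messages rule looks like the stock RHEL/CentOS one quoted above."""
import re
import shlex
import sys

FACILITY = "local0"
# "*.info;mail.none;authpriv.none;cron.none<whitespace>/var/log/messages",
# optionally with the "-" (async write) prefix some distributions use;
# commented-out rules are left alone.
MESSAGES_RULE = re.compile(
    r"^(?!#)(?P<selector>\S+)(?P<sep>\s+)(?P<target>-?/var/log/messages)\s*$"
)
# Any existing forwarding rule for the facility ("@host" = UDP, "@@host" = TCP).
FORWARD_RULE = re.compile(rf"^{FACILITY}\.\*\s+@@?\S+")


def configure_rsyslog(text, collector_ip, tcp=False):
    """Return the rsyslog.conf text with
      1. ';local0.none' added to the /var/log/messages selector, so the
         sniffer's records are not also written locally (the duplicate
         the post warns about), and
      2. a 'local0.* @collector' rule appended unless one already exists.
    '@' forwards over UDP as in the post; tcp=True emits '@@' for TCP.
    Running it twice on the same input yields the same output (idempotent)."""
    out = []
    for line in text.splitlines():
        m = MESSAGES_RULE.match(line)
        if m and f"{FACILITY}.none" not in m["selector"]:
            line = f"{m['selector']};{FACILITY}.none{m['sep']}{m['target']}"
        out.append(line)
    if not any(FORWARD_RULE.match(line) for line in out):
        out.append(f"{FACILITY}.*\t{'@@' if tcp else '@'}{collector_ip}")
    return "\n".join(out) + "\n"


def sniffer_argv(interface="eth0", port=3306):
    """argv for starting the agent the way the post does (minus nohup and &),
    e.g. for subprocess.Popen(sniffer_argv(), stdout=..., stderr=...)."""
    return ["./mysqlsniffer", interface, "--port", str(port), "--no-mysql-hdrs"]


if __name__ == "__main__":
    # usage: python configure_rsyslog.py /etc/rsyslog.conf 192.0.2.10 > new.conf
    path, collector = sys.argv[1], sys.argv[2]
    with open(path) as fh:
        sys.stdout.write(configure_rsyslog(fh.read(), collector))
    print("then: nohup " + shlex.join(sniffer_argv()) + " &", file=sys.stderr)
```

Review the generated file, copy it into place, and restart rsyslog before starting the sniffer; if a local0 forwarding rule to a different host already exists the script leaves it untouched rather than adding a second destination.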
With that, MySQL audit is configured. Note that the sniffer only sees unencrypted traffic on the interface it listens on: connections that use TLS, or that go through the local Unix socket, do not appear in the audit. Let's look at the audit in action:
[Screenshot: MySQL audit event list; click an event to see its details]
The audit can identify logins, logouts, queries and other information.
Added Web reports
Four more reports were added on top of the previous six: browser distribution, operating system distribution, file type distribution, and crawler distribution. The system now also records the operating system type, and for mobile browsers it recognizes QQ Browser and UC Browser, the two most widely used domestic ones. For mobile phone access it also identifies the phone model and manufacturer; at present, because of limited samples, it recognizes Meizu, LG, Apple, Samsung and a few other phones, and more will be added gradually.
[Screenshot: report overview]
A few additions to the Web Access view are shown below:
[Screenshots: Web Access detail views]
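The page does not say how the new reports are derived, but browser, operating system, crawler and handset reports built from web access logs can only come from the User-Agent header, so the following is an added example of that kind of classification, written for this article and not Secilog's own code (its rules are not published here). It assumes Apache/Nginx combined log format, uses deliberately short illustrative pattern lists rather than a full User-Agent database, and runs over constructed sample log lines.

```python
"""Added example; not Secilog's own code, whose rules are not on this page.
User-Agent classification of the kind behind browser, OS, file-type, crawler
and handset-vendor distribution reports, run over constructed combined-format
access-log lines. The rule lists are illustrative, not a full UA database."""
import re
from collections import Counter

# First matching rule wins, so specific patterns go first: a QQ Browser or
# UC Browser UA also contains "Chrome" and "Safari".
BROWSER_RULES = [
    ("QQ Browser", re.compile(r"\bMQQBrowser/|\bQQBrowser/")),
    ("UC Browser", re.compile(r"\bUCBrowser/|\bUCWEB")),
    ("Chrome", re.compile(r"\bChrome/")),
    ("Safari", re.compile(r"\bSafari/")),
]
OS_RULES = [  # iOS before macOS: iPhone UAs also contain "like Mac OS X"
    ("Android", re.compile(r"\bAndroid\b")),
    ("iOS", re.compile(r"\b(?:iPhone|iPad|iPod)\b")),
    ("Windows", re.compile(r"\bWindows\b")),
    ("macOS", re.compile(r"\bMac OS X\b")),
]
CRAWLER_RULES = [
    ("Googlebot", re.compile(r"\bGooglebot/")),
    ("Baiduspider", re.compile(r"\bBaiduspider/")),
]
VENDOR_RULES = [  # handset model tokens; "m2 note"-style names are Meizu's
    ("Apple", re.compile(r"\b(?:iPhone|iPad)\b")),
    ("Samsung", re.compile(r"\bSM-[A-Z0-9]+\b")),
    ("LG", re.compile(r"\bLG-[A-Z0-9]+\b")),
    ("Meizu", re.compile(r"\b(?:MEIZU|MX\d|M\d note)\b", re.IGNORECASE)),
]
# Combined log format: ip ident user [time] "request" status size "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def _first_match(rules, ua, default):
    for name, pattern in rules:
        if pattern.search(ua):
            return name
    return default

def classify_ua(ua):
    """Browser, OS, crawler and vendor as claimed by a User-Agent string.
    The UA is chosen by the client, so a "Googlebot" hit is a claim; confirm
    it by reverse DNS before trusting it for anything beyond a report."""
    return {
        "browser": _first_match(BROWSER_RULES, ua, "other"),
        "os": _first_match(OS_RULES, ua, "other"),
        "crawler": _first_match(CRAWLER_RULES, ua, None),
        "vendor": _first_match(VENDOR_RULES, ua, None),
    }

def file_type(request):
    """Extension of the requested path ('GET /a/b.png HTTP/1.1' -> 'png');
    '(none)' for directory requests and extension-less paths."""
    parts = request.split()
    if len(parts) < 2:
        return "(none)"
    last = parts[1].split("?", 1)[0].rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1].lower() if "." in last else "(none)"

def build_report(lines):
    """Distribution counters for the five report types from raw log lines;
    lines that do not parse are skipped rather than guessed at."""
    report = {k: Counter() for k in ("browser", "os", "file_type", "crawler", "vendor")}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        c = classify_ua(m["ua"])
        report["browser"][c["browser"]] += 1
        report["os"][c["os"]] += 1
        report["file_type"][file_type(m["req"])] += 1
        if c["crawler"]:
            report["crawler"][c["crawler"]] += 1
        if c["vendor"]:
            report["vendor"][c["vendor"]] += 1
    return report

# Constructed sample lines, not real traffic. The last one is an ordinary
# client that merely claims to be Googlebot; a UA-only report cannot tell.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2016:13:55:36 +0800] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"',
    '203.0.113.6 - - [10/Oct/2016:13:55:40 +0800] "GET /app.js HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; SM-G9300 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/40.0.2214.89 UCBrowser/11.0.5.850 Mobile Safari/537.36"',
    '203.0.113.7 - - [10/Oct/2016:13:55:41 +0800] "GET /logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A346 Safari/602.1"',
    '203.0.113.8 - - [10/Oct/2016:13:55:45 +0800] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
    '203.0.113.9 - - [10/Oct/2016:13:55:50 +0800] "GET /m/ HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Linux; Android 5.1; m2 note Build/LMY47D) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 MQQBrowser/6.8 Mobile Safari/537.36"',
    '198.51.100.9 - - [10/Oct/2016:13:56:02 +0800] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
]

if __name__ == "__main__":
    for name, counter in build_report(SAMPLE_LOG).items():
        print(name, dict(counter.most_common()))
```

The point to keep in mind when reading any crawler or browser distribution report is that every one of these categories comes from a header the client wrote itself: the last sample line is counted as Googlebot purely because it says so. That is fine for traffic statistics, but a "crawler" classification should never feed an access-control decision without confirming the source address by reverse and forward DNS.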
Optimized log queries
A detailed per-field query was added so that entering conditions is more convenient.
Basic help for queries was added. When the user clicks on an IP address, the system automatically looks up information about that address, so it is convenient to view.
The above is the main content of the upgrade; some bugs were also fixed, which are not listed here.
Everyone is welcome to download and use it. Download from the same address as before, or from http://pan.baidu.com/s/1qWt7Hxi.
The next version plans to add auditing of SFTP, FTP, Squid and others, and will continue to improve the Web reports. Please look forward to it.