MySQL Logs
Overview
Evidence: MySQL Logs
Description: Collect MySQL Logs
Category: Applications
Platform: linux
Short Name: myl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
MySQL database server logs on Linux capture database queries, errors, slow queries, authentication events, and server operations. These logs are critical for tracking database activities and security incidents.
Data Collected
This collector gathers structured data about MySQL logs.
Collection Method
This collector gathers MySQL logs from /var/log/mysql, which typically contains error logs, slow query logs, and general query logs if enabled.
Forensic Value
MySQL logs are critical for investigating SQL injection attacks, unauthorized database access, data exfiltration, privilege escalation, and database compromise. They provide query history and authentication attempt records.
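Because the files are collected unparsed, an analyst has to pull the authentication records out of them. The following is an added example, not part of the collector or the product: it groups "Access denied" entries from an error log by source host. The sample lines are constructed in the MySQL 8.0 error-log layout, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the MySQL 8.0 error-log layout:
# timestamp, thread id, [priority], [error code], [subsystem], message.
SAMPLE_ERROR_LOG = """\
2024-03-02T01:14:07.101010Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections.
2024-03-02T01:15:11.220000Z 41 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-02T01:15:12.310000Z 42 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-02T01:15:13.400000Z 43 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2024-03-02T02:40:55.000000Z 57 [Note] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.12' (using password: NO)
"""

# Matches on the message text only, so it does not depend on the error code.
DENIED = re.compile(
    r"^(\S+)\s+\d+\s+\[[^\]]+\].*?"
    r"Access denied for user '([^']*)'@'([^']*)' \(using password: (YES|NO)\)"
)

def parse_denied(log_text):
    """Yield (timestamp, user, host, used_password) for each denied login."""
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            ts, user, host, pw = m.groups()
            yield ts, user, host, pw == "YES"

def summarize_by_host(log_text):
    """Group denied logins by source host: count, accounts tried, first/last seen."""
    hosts = {}
    for ts, user, host, _ in parse_denied(log_text):
        e = hosts.setdefault(host, {"count": 0, "users": set(), "first": ts, "last": ts})
        e["count"] += 1
        e["users"].add(user)
        # ISO 8601 UTC timestamps of equal width sort correctly as strings.
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
    return hosts

if __name__ == "__main__":
    ranked = sorted(summarize_by_host(SAMPLE_ERROR_LOG).items(),
                    key=lambda kv: -kv[1]["count"])
    for host, e in ranked:
        print(f"{host}: {e['count']} denied, users={sorted(e['users'])}, "
              f"{e['first']} .. {e['last']}")
```

These Note-level entries are written to the error log only when the server's `log_error_verbosity` is 3, so an empty result does not by itself mean there were no failed logins.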

