DAS version 2.0.2
Database audit log: SYSLOG interface header+[record_id]+[dev]+[date]+[log_type]+[src_ip]+[src_port]+[dst_ip]+[dst_port]+[record_time]+[ret_id]+[db_usr]+[aff_rows]+[sql]
Web audit log: SYSLOG interface header+[record_id]+[dev]+[date]+[log_type]+[src_ip]+[src_port]+[dst_ip]+[dst_port]+[record_time]+[ret_id]+[web_way]+[url]
Database risk log: SYSLOG interface header+[record_id]+[dev]+[date]+[log_type]+[src_ip]+[src_port]+[dst_ip]+[dst_port]+[record_time]+[ret_id]+[db_user]+[aff_rows]+[risk]+[sql]
Database audit log example: 11-06-2019 16:28:15 Local3.Notice 10.66.64.158 Nov 6 16:31:05 localhost load_db[9073]: "record_id:2","dev:14EE9470","date:20191106","log_type:db_audit","src_ip:200.200.66.19","src_port:23057","dst_ip:200.200.64.19","dst_port:3306","record_time:16:25:31","ret_id:0","db_usr:root","db_name:","db_type:Mysql","table_name:","operate:NONE","data_base_manage:","aff_rows:0","sql:SET NAMES utf8"
Database risk log example: 11-06-2019 16:28:15 Local3.Notice 10.66.64.158 Nov 6 16:31:05 localhost load_db[9073]: "record_id:9","dev:14EE9470","date:20191106","log_type:risk_db_audit","src_ip:200.200.66.19","src_port:23058","dst_ip:200.200.64.19","dst_port:3306","record_time:16:25:31","ret_id:0","db_usr:root","db_name:","db_type:Mysql","table_name:","operate:NONE","data_base_manage:","aff_rows:0","r_cnt:1","r_type0:高权存储过程","r_rule0:高权存储过程","r_pri0:high risk","sql:SHOW PROCEDURE STATUS WHERE Db='discuz'"
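Fields in DAS outbound syslog messages

| Field | Description |
| --- | --- |
| record_id | Database log sequence number |
| dev | Database device ID |
| date | Date |
| log_type | Log type |
| src_ip | Source IP |
| src_port | Source port |
| dst_ip | Destination IP |
| dst_port | Destination port |
| record_time | Record time |
| ret_id | Success/failure |
| db_usr | User |
| db_name | Database name |
| db_type | Database type |
| table_name | Table name |
| operate | Operation |
| data_base_manage | Client name |
| aff_rows | Rows returned / rows affected |
| sql | Database statement |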
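A parser for the record layout shown above, for use in a log pipeline or SIEM ingest step. This is an added example, not vendor code; the names `parse_das` and `risks` are hypothetical. It assumes `sql` is always the last field (as in both format lines and both samples) and that the `r_typeN`/`r_ruleN`/`r_priN` indices run from 0 to `r_cnt`-1, which is inferred from the single risk sample.

```python
import re

# Sample lines copied from the two examples on this page.
AUDIT = '''11-06-2019 16:28:15 Local3.Notice 10.66.64.158 Nov 6 16:31:05 localhost load_db[9073]: "record_id:2","dev:14EE9470","date:20191106","log_type:db_audit","src_ip:200.200.66.19","src_port:23057","dst_ip:200.200.64.19","dst_port:3306","record_time:16:25:31","ret_id:0","db_usr:root","db_name:","db_type:Mysql","table_name:","operate:NONE","data_base_manage:","aff_rows:0","sql:SET NAMES utf8"'''
RISK = '''11-06-2019 16:28:15 Local3.Notice 10.66.64.158 Nov 6 16:31:05 localhost load_db[9073]: "record_id:9","dev:14EE9470","date:20191106","log_type:risk_db_audit","src_ip:200.200.66.19","src_port:23058","dst_ip:200.200.64.19","dst_port:3306","record_time:16:25:31","ret_id:0","db_usr:root","db_name:","db_type:Mysql","table_name:","operate:NONE","data_base_manage:","aff_rows:0","r_cnt:1","r_type0:高权存储过程","r_rule0:高权存储过程","r_pri0:high risk","sql:SHOW PROCEDURE STATUS WHERE Db='discuz'"'''
# Constructed edge case: the SQL text itself contains the '","' field separator.
TRICKY = AUDIT.replace('SET NAMES utf8', 'SELECT "a","b" FROM t')

# The payload follows the syslog process tag, e.g. 'load_db[9073]: ', and is
# a run of "key:value" items wrapped in double quotes and joined by commas.
_PAYLOAD = re.compile(r'\w+\[\d+\]: (".*")\s*$', re.S)


def parse_das(line):
    """Return a dict of field -> value, or None if the line has no DAS payload."""
    m = _PAYLOAD.search(line)
    if not m:
        return None
    body = m.group(1)[1:-1]  # drop the outermost pair of quotes
    # Assumption: sql is the last field. Cut it off before splitting so that
    # quotes and commas inside the statement cannot be read as new fields.
    head, found, sql = body.partition('","sql:')
    rec = {}
    for item in head.split('","'):
        key, _, value = item.partition(':')  # first colon only: 16:25:31 stays whole
        rec[key] = value
    if found:
        rec['sql'] = sql
    return rec


def risks(rec):
    """Group r_typeN / r_ruleN / r_priN into one dict per rule hit."""
    count = rec.get('r_cnt', '')
    hits = []
    for i in range(int(count) if count.isdigit() else 0):
        hits.append({'type': rec.get(f'r_type{i}'),
                     'rule': rec.get(f'r_rule{i}'),
                     'priority': rec.get(f'r_pri{i}')})
    return hits


if __name__ == '__main__':
    for sample in (AUDIT, RISK, TRICKY):
        rec = parse_das(sample)
        print(rec['log_type'], rec['src_ip'], rec['db_usr'], risks(rec), rec['sql'])
```

Splitting the whole payload on `","` without first isolating `sql` would break the `TRICKY` record into bogus fields, which is the failure to watch for when writing a SIEM extraction rule for this format.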