Set ossec to monitor mysql logs on red hat (not log ossec in mysql)
Ossec is super. I was having a hard time googling this so I read the stupid configs and figured it out. Edit your ossec.conf file, add to the <!– files to monitor section-
<localfile>
<log_format>mysql_log</log_format>
<location>/var/log/yourlogfile.log</location>
</localfile>
Restart ossec and it should start reading your mysql logs now. Anyone have additional rules to add in for mysql?