Aurora MySQL

This is a Logstash Aurora MySQL filter plug-in for IBM Guardium® Data Protection Universal Connector.

Before you begin

Tip: See the Supported data source matrix to get information about the supported Guardium Data Protection and Guardium Data Security Center versions, database version, and environment needed for the plug-in.
Plug-in availability:
  • The Aurora-MySQL-Guardium Logstash filter and the input plug-in are available by default in Guardium Data Protection versions 12.x as a whole package.

About this task

The Guardium universal connector is the Guardium entry point for native audit logs. The Guardium universal connector identifies and parses the received events, and converts them to a standard Guardium format. The output of the Guardium universal connector is forwarded to the Guardium sniffer on the collector, for policy and auditing enforcements. Configure Guardium to read the native audit logs by customizing the aurora-mysql template.
You must configure the CloudWatch input plug-in and then configure the Aurora MySQL filter plug-in to get the data from the Aurora database.
Remember: The steps mentioned for products other than IBM are subject to change. IBM is not responsible for any such changes. Always refer to the official product-specific documentation.

Procedure

  1. Configure the CloudWatch input plug-in.
  2. To audit the database activity, see Using Advanced Auditing with an Amazon Aurora MySQL DB cluster.
  3. Download or monitor the Aurora MySQL DB cluster logs by using the AWS CLI or Amazon RDS API. For more information, see Viewing and listing database log files.
  4. To authorize outgoing traffic from AWS to Guardium Data Protection, complete the following steps:
    1. Log in to the Guardium API.
    2. Run the following commands one after the other.
      grdapi add_domain_to_universal_connector_allowed_domains domain=amazonaws.com
      grdapi add_domain_to_universal_connector_allowed_domains domain=amazon.com

What to do next

Configure the universal connector by either using the legacy flow or the new flow. The new flow is only available from Guardium Data Protection version 12.1 and later.

To configure the plug-in by using the legacy mode, see Configuring a universal connector by using the legacy workflow.

Important:

12.1 and later: To configure the plug-in by using the new flow, see Configuring a universal connector by using a Central Manager.