# MySQL error log(PLC)

{% hint style="info" %}
Rsyslog:MySQL ErrorログとSlow-Query収集のための設定
{% endhint %}

### 1. rsyslog conf 設定 <a href="#id-1" id="id-1"></a>

1-1. 設定

```bash
vi /etc/rsyslog.d/80-mysql.conf
```

<pre><code><strong>#variables required for non-syslog log file forwarding – mysql error
</strong>#edit on your location

input(type=”imfile”
File=”/var/log/mysqld.log”
Tag=”mysqld-errors”
Severity=”error”
Facility=”local7″)

input(type=”imfile”
File=”/var/log/mysql-slow.log”
Tag=”mysql-slow”
Severity=”notice”
Facility=”local7″)

###### Creates a template for each log file in the Logentries UI
### logic to apply the relevant templates to the different log files

if $programname == ‘mysqld-errors’ then /var/log/plura/ceelog-127.0.0.1.log;CEETemplate
:programname, isequal, “mysqld-errors” ~

if $programname == ‘mysql-slow’ then /var/log/plura/ceelog-127.0.0.1.log;CEETemplate
:programname, isequal, “mysql-slow” ~
</code></pre>

1-2. rsyslog デーモン再起動

```bash
systemctl restart rsyslog
```

1-3. PLURA V5 repoからダウンロードする

```bash
wget https://repo.plura.io/v5/module/rsyslog/80-mysql.conf
curl https://repo.plura.io/v5/module/rsyslog/80-mysql.conf -o /etc/rsyslog.d/80-mysql.conf
```

### 2. MySQL – SLOW QUERY 設定 <a href="#id-2" id="id-2"></a>

2-1. 設定

```bash
vi /etc/my.cnf

[mysqld]
slow_query_log = 1
slow_query_log_file = /var/log/mysql-slow.log
long_query_time = 3
```

2-2. ログ ファイルの作成と権限設定

<pre class="language-bash"><code class="lang-bash"><strong>touch /var/log/mysql-slow.log
</strong>chown mysql.mysql /var/log/mysql-slow.log
</code></pre>

2-3. 権限確認

```bash
ls -aZ /var/log/mysql*
```

<figure><img src="https://qubitsec.github.io/docs/images/Ins_G/rsys_mysql/1.png" alt="" width="563"><figcaption></figcaption></figure>

2-4. mysql デーモン再起動

```bash
systemctl restart mysqld
```

2-5. 活性化確認

```bash
mysql> show variables like ‘slow_query_%’;
```

<figure><img src="https://qubitsec.github.io/docs/images/Ins_G/rsys_mysql/2.png" alt="" width="563"><figcaption></figcaption></figure>

### 3. ログ確認 <a href="#id-3" id="id-3"></a>

* ErrorまたはSlow Query発生後、ホストログからMySQL関連ログを確認
* ログ例 : 全体ログ > ホスト

<figure><img src="/files/1JaLny0axr9vJliWtxk5" alt=""><figcaption></figcaption></figure>

### 参考サイト <a href="#id-4" id="id-4"></a>

> <https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.plura.io/ja/agents/siem/uplc/mysql-error-log-plc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.