# MySQL error log(PLC)

{% hint style="info" %}
Rsyslog : MySQL Error 로그와 Slow-Query 취합을 위한 설정
{% endhint %}

### 1. rsyslog conf 설정 <a href="#id-1" id="id-1"></a>

1-1. 설정

```bash
vi /etc/rsyslog.d/80-mysql.conf
```

<pre><code><strong>#variables required for non-syslog log file forwarding – mysql error
</strong>#edit on your location

input(type=”imfile”
File=”/var/log/mysqld.log”
Tag=”mysqld-errors”
Severity=”error”
Facility=”local7″)

input(type=”imfile”
File=”/var/log/mysql-slow.log”
Tag=”mysql-slow”
Severity=”notice”
Facility=”local7″)

###### Creates a template for each log file in the Logentries UI
### logic to apply the relevant templates to the different log files

if $programname == ‘mysqld-errors’ then /var/log/plura/ceelog-127.0.0.1.log;CEETemplate
:programname, isequal, “mysqld-errors” ~

if $programname == ‘mysql-slow’ then /var/log/plura/ceelog-127.0.0.1.log;CEETemplate
:programname, isequal, “mysql-slow” ~
</code></pre>

1-2. rsyslog 데몬 재시작

```bash
systemctl restart rsyslog
```

1-3. PLURA V5 repo 에서 다운로드 받기

```bash
wget https://repo.plura.io/v5/module/rsyslog/80-mysql.conf
curl https://repo.plura.io/v5/module/rsyslog/80-mysql.conf -o /etc/rsyslog.d/80-mysql.conf
```

### 2. MySQL – SLOW QUERY 설정 <a href="#id-2" id="id-2"></a>

2-1. 설정

```bash
vi /etc/my.cnf

[mysqld]
slow_query_log = 1
slow_query_log_file = /var/log/mysql-slow.log
long_query_time = 3
```

2-2. 로그 파일 생성 및 권한 설정

<pre class="language-bash"><code class="lang-bash"><strong>touch /var/log/mysql-slow.log
</strong>chown mysql.mysql /var/log/mysql-slow.log
</code></pre>

2-3. 권한 확인

```bash
ls -aZ /var/log/mysql*
```

<figure><img src="https://qubitsec.github.io/docs/images/Ins_G/rsys_mysql/1.png" alt="" width="563"><figcaption></figcaption></figure>

2-4. mysql 데몬 재시작

```bash
systemctl restart mysqld
```

2-5. 활성화 확인

```bash
mysql> show variables like ‘slow_query_%’;
```

<figure><img src="https://qubitsec.github.io/docs/images/Ins_G/rsys_mysql/2.png" alt="" width="563"><figcaption></figcaption></figure>

### 3. 로그 확인 <a href="#id-3" id="id-3"></a>

* Error 또는 Slow Query 발생 후 호스트 로그에서 MySQL 관련 로그를 확인
* 로그 예시 : [전체로그 > 호스트](https://docs.plura.io/ko/function/common/flog/host)

<figure><img src="https://qubitsec.github.io/docs/images/Ins_G/rsys_mysql/3.png" alt="" width="563"><figcaption></figcaption></figure>

### 참고 사이트 <a href="#id-4" id="id-4"></a>

> <https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.plura.io/ko/agents/siem/uplc/mysql-error-log-plc.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.