MySQL Logs

Evidence: MySQL Logs
Description: Collect MySQL Logs
Category: Applications
Platform: linux
Short Name: myl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

MySQL database server logs on Linux capture database queries, errors, slow queries, authentication events, and server operations. These logs are critical for tracking database activities and security incidents.

This collector gathers structured data about MySQL logs.

This collector gathers MySQL logs from /var/log/mysql, which typically contains error logs, slow query logs, and general query logs if enabled.

MySQL logs are critical for investigating SQL injection attacks, unauthorized database access, data exfiltration, privilege escalation, and database compromise. They provide query history and authentication attempt records.
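
As an added example (not part of the collector or the original page), the following sketch triages a collected copy of /var/log/mysql for the authentication-attempt records mentioned above. The sample lines are constructed and assume the MySQL 5.7-style error log layout and the general query log layout; `failed_logins`, `noisy_hosts` and `scan_collected` are hypothetical helper names.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed sample lines (not from a real host): three error-log entries
# followed by three general-query-log entries (tab-separated columns).
SAMPLE_LOG = """\
2024-03-01T10:00:01.000001Z 11 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-01T10:00:02.000001Z 12 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-01T10:00:03.000001Z 13 [Note] Access denied for user 'admin'@'203.0.113.7' (using password: NO)
2024-03-01T10:00:09.000001Z\t   14 Connect\tAccess denied for user 'app'@'198.51.100.4' (using password: YES)
2024-03-01T10:00:10.000001Z\t   15 Connect\tapp@198.51.100.4 on shop using TCP/IP
2024-03-01T10:00:11.000001Z\t   15 Query\tSELECT name FROM products WHERE id = 7
"""

# Assumption: the timestamp is the first whitespace-delimited token on the line.
DENIED = re.compile(
    r"^(?P<ts>\S+).*?Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
    r" \(using password: (?P<pw>YES|NO)\)"
)

def failed_logins(lines):
    """Yield (timestamp, user, host, password_supplied) for each denied login."""
    for line in lines:
        m = DENIED.search(line)
        if m:
            yield m["ts"], m["user"], m["host"], m["pw"] == "YES"

def noisy_hosts(events, threshold=3):
    """Return {host: failure_count} for hosts at or above the threshold."""
    counts = Counter(host for _, _, host, _ in events)
    return {h: n for h, n in counts.items() if n >= threshold}

def scan_collected(directory):
    """Parse every uncompressed file under a collected copy of /var/log/mysql."""
    events = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file() and path.suffix != ".gz":  # rotated .gz files need gzip.open
            with path.open(errors="replace") as fh:
                events.extend(failed_logins(fh))
    return events

if __name__ == "__main__":
    events = list(failed_logins(SAMPLE_LOG.splitlines()))
    for ts, user, host, pw in events:
        print(ts, user, host, "password" if pw else "no password")
    print("hosts over threshold:", noisy_hosts(events))
```
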