DB Monitoring for mariaDB

Hi All,

I have installed PAM 3.5 manager on suse linux system.We are trying to configure MariaDB for Database monitoring.

Following are the steps I have followed.

1. MariaDB is installed on a centos system.
2. I have created Database connector for MariaDB.
3. open port 13306 inside centos
4. Create policy for mariadb inside Command control.

Inside reporting there is no log coming MariaDB.

>> Do we need to install PAM agent for it or not?
>> If not please suggest a way to do it.
  • I believe the default port for MariaDB is 3306/tcp, so that would need to be permitted on the centos server where the MariaDB instance is running. PAM connects to this, client connects to PAM via 13306 or the configured DB Proxy Port.

    DB Client -> (:13306 DB Proxy Port) PAM DB Connector -> (:3306 DB Server Port) MariaDB instance

    Other details regarding Database Proxy in PAM can be found below (cmdctrl rule details, proxy diagram, steps for MariaDB, etc.):
    https://www.netiq.com/documentation/privileged-account-manager-35/npam_admin/data/t46b6i636j6s.html
  • I believe the default port for MariaDB is 3306/tcp, so that would need to be permitted on the centos server where the MariaDB instance is running. PAM connects to this, client connects to PAM via 13306 or the configured DB Proxy Port.

    DB Client -> (:13306 DB Proxy Port) PAM DB Connector -> (:3306 DB Server Port) MariaDB instance

    Other details regarding Database Proxy in PAM can be found below (cmdctrl rule details, proxy diagram, steps for MariaDB, etc.):
    https://www.netiq.com/documentation/privileged-account-manager-35/npam_admin/data/t46b6i636j6s.html
  • I believe the default port for MariaDB is 3306/tcp, so that would need to be permitted on the centos server where the MariaDB instance is running. PAM connects to this, client connects to PAM via 13306 or the configured DB Proxy Port.

    DB Client -> (:13306 DB Proxy Port) PAM DB Connector -> (:3306 DB Server Port) MariaDB instance

    Other details regarding Database Proxy in PAM can be found below (cmdctrl rule details, proxy diagram, steps for MariaDB, etc.):
    https://www.netiq.com/documentation/privileged-account-manager-35/npam_admin/data/t46b6i636j6s.html
  • Hi Tdharris,

    Do you know how to login inside mariaDB through DBproxy :13306. I am trying following command

    [root@devio ~]# mysql -h 192.168.33 -u root --port=13306 -p
    Enter password:
    ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.33' (110)


    While I telnet following result is showing.

    [root@devio ~]# telnet 192.168.1.33 13306
    Trying 192.168.1.33...
    Connected to 192.168.1.33.
    Escape character is '^]'.
    R
    5.5.52-MariaDBj6j5g(0▒KN%lqsmLquxzmysql_native_password^CConnection closed by foreign host.


    Which means mariadb service is running on pam server(192.168.1.33).

    Please guys help me the client want to see all the activities inside mariadb.
  • frankabhinav;2487877 wrote:
    Hi Tdharris,

    Do you know how to login inside mariaDB through DBproxy :13306. I am trying following command



    While I telnet following result is showing.



    Which means mariadb service is running on pam server(192.168.1.33).

    Please guys help me the client want to see all the activities inside mariadb.


    By default root is only allowed to connect from local host: https://mariadb.com/kb/en/library/configuring-mariadb-for-remote-client-access/

    Thomas
  • Hi Thomas,

    I tried this option too inside /etc/mysql/my.cnf.

    [mysqld]
    ...
    skip-networking
    ...
    bind-address = 192.168.133
    port=13306
    ...


    Still we are unable login.

    Please see the following log.

    180921 14:12:49 InnoDB: Starting shutdown...
    180921 14:12:49 InnoDB: Shutdown completed; log sequence number 158767473
    180921 14:12:49 [Note] /usr/libexec/mysqld: Shutdown complete

    180921 14:12:50 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
    180921 14:15:52 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
    180921 14:15:52 [Note] /usr/libexec/mysqld (mysqld 5.5.52-MariaDB) starting as process 4779 ...
    180921 14:15:52 InnoDB: The InnoDB memory heap is disabled
    180921 14:15:52 InnoDB: Mutexes and rw_locks use GCC atomic builtins
    180921 14:15:52 InnoDB: Compressed tables use zlib 1.2.7
    180921 14:15:52 InnoDB: Using Linux native AIO
    180921 14:15:52 InnoDB: Initializing buffer pool, size = 128.0M
    180921 14:15:52 InnoDB: Completed initialization of buffer pool
    180921 14:15:52 InnoDB: highest supported file format is Barracuda.
    180921 14:15:52 InnoDB: Waiting for the background threads to start
    180921 14:15:53 Percona XtraDB (http://www.percona.com) 5.5.49-MariaDB-38.0 started; log sequence number 158767473
    180921 14:15:53 [Note] Plugin 'FEEDBACK' is disabled.
    180921 14:15:53 [Note] Server socket created on IP: '192.168.1.33'.
    180921 14:15:53 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 99: Cannot assign requested address
    180921 14:15:53 [ERROR] Do you already have another mysqld server running on port: 13306 ?
    180921 14:15:53 [ERROR] Aborting
  • frankabhinav;2487883 wrote:
    Hi Thomas,

    I tried this option too inside /etc/mysql/my.cnf.



    Still we are unable login.

    Please see the following log.


    Hi Frank,
    Can you check the following -
    1. Are you able to connect and login directly to the MariaDB? That would confirm
    2. If you are trying over SSL/TLS you will have to import MariaDB certificate in PAM server - you could look @ the documentation pointed to by Tyler earlier in this mail thread for more details. As an alternative to begin with you may want to try non-SSL connection first and then get into SSL. For non-SSL with mysqlsh you need pass the option --ssl-mode=DISABLED
    3. If that does not work we will look @ logging for analysis.

    Hope this helps...

    -KPRajesh