FAQ: Encrypting MySQL Traffic with ommysql Plugin
Question
I’m using the ommysql plugin to write log entries to a MariaDB. Is it possible to encrypt the MySQL traffic on port 3306?
Answer
Yes, it is possible to encrypt the MySQL traffic on port 3306 when using the ommysql plugin with rsyslog. This is configurable through the MySQL or MariaDB configuration file specified by the MySQLConfig.File parameter.
Steps to Enable TLS
Configure MySQL/MariaDB Server
- Update your MySQL or MariaDB configuration file (usually my.cnf or my.ini) to enable SSL/TLS.
- Add the following parameters to specify the CA certificate, server certificate, and server key:

    [mysqld]
    ssl-ca=/path/to/ca-cert.pem
    ssl-cert=/path/to/server-cert.pem
    ssl-key=/path/to/server-key.pem

Ensure these paths point to the correct certificate files on your server.
Update rsyslog Configuration
- Configure rsyslog to use the ommysql plugin and specify the MySQL configuration file that includes the TLS settings:

    module(load="ommysql")
    action(
        type="ommysql"
        server="your-mariadb-server"
        serverport="3306"
        db="your-database"
        uid="your-username"
        pwd="your-password"
        mysqlconfig.file="/path/to/my.cnf"
    )

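As a check on the two steps above, the following added example (not part of the rsyslog documentation or code) lints the server file and the file named in mysqlconfig.file for the TLS options. It assumes the MySQL client library reads the [client] group plus the group named by ommysql's mysqlconfig.section parameter and never [mysqld]; the function names and sample files are constructed for illustration.

```python
import configparser

# Constructed sample files (paths are placeholders, as on the page).
SERVER_CNF = """\
[mysqld]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem
"""
# File named in mysqlconfig.file. Assumption: the client library reads the
# [client] group (plus the group named by mysqlconfig.section), never [mysqld].
CLIENT_CNF_OK = """\
[client]
ssl-ca=/path/to/ca-cert.pem
"""

def parse_mycnf(text):
    """Return {section: {option: value}} for an INI-style my.cnf string."""
    # Drop !include/!includedir directives, which configparser cannot parse.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.read_string(body)
    # MySQL accepts '-' and '_' interchangeably in option names.
    return {s.lower(): {k.replace("_", "-"): v for k, v in cp.items(s)}
            for s in cp.sections()}

def lint_tls(server_cnf, client_cnf, section="client"):
    """List TLS settings missing from the server and client files."""
    findings = []
    server = parse_mycnf(server_cnf).get("mysqld", {})
    for key in ("ssl-ca", "ssl-cert", "ssl-key"):
        if not server.get(key):
            findings.append(f"server [mysqld]: {key} not set")
    client = parse_mycnf(client_cnf)
    groups = {"client", section.lower()}
    if not any(client.get(g, {}).get("ssl-ca") for g in groups):
        findings.append("client: no ssl-ca in " + "/".join(sorted(groups)))
        if client.get("mysqld", {}).get("ssl-ca"):
            findings.append("client: ssl-ca found only under [mysqld], "
                            "which the client library does not read")
    return findings

if __name__ == "__main__":
    # Pointing rsyslog at the server's own file: the [mysqld] entries are not used.
    for finding in lint_tls(SERVER_CNF, SERVER_CNF) or ["no findings"]:
        print(finding)
```
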
Additional Resources
See also

Help with configuring/using Rsyslog:
- Mailing list - best route for general questions
- GitHub: rsyslog source project - detailed questions, reporting issues that are believed to be bugs with Rsyslog

See also

Contributing to Rsyslog:
- Source project: rsyslog project README.
- Documentation: rsyslog-doc project README

Copyright 2008-2023 Rainer Gerhards (Großrinderfeld), and Others.