2021-07-07 12:07 AM
Hello.
Can't create ODBC with mysql(8.0.25) RSANW(11.6.0.0)
The error is:
NwLogCollector[16282]: [OdbcCollection] [failure] An error occurred creating an ODBC connection for DSN: TEST_HA The trapped error is: Unable to create an ODBC connection. DSN: TEST_HA; username: user; reason: state: 08001; error-code: 139938624438272; description: [RSA][ODBC 20101 driver]7505state: 60; error-code: 139938624440275; description: [RSA][ODBC 20101 driver]2003
My DSN driver is:
/opt/netwitness/odbc/lib/R3mysql27.so
Telnet to 3306 is OK.
And I'm able to connect with these creds to the DB (using HeidiSQL, for example).
2021-07-08 02:41 AM
Hello Maxim
1. As MySQL log collection is not supported by NetWitness via the ODBC collection method, you might be using a custom ODBC query file under the Log Collector /etc/netwitness/ng/logcollection/content/collection/odbc directory.
The "state: 60" in the error message might indicate an error in the custom SQL query syntax.
Check the SQL query works when remotely connected to your MySQL database using the login credentials that NetWitness is configured to use.
2. In the NW UI, Admin > Services > {Log Collector} > Config
Event Sources tab, ODBC > DSNs
Check all the settings are correct for accessing a MySQL database via ODBC.
Confirm those entries appear correctly in the /etc/netwitness/ng/odbc.ini file on the Log Collector and test if the Log Collector can connect using the /usr/bin/NwOdbcExample program.
RSA KB Reference: Test an ODBC connection from a RSA Security Analytics Log Collector - https://community.rsa.com/t5/rsa-netwitness-platform/test-an-odbc-connection-from-a-rsa-security-analytics-log/ta-p/11245
2021-07-08 04:16 AM - edited 2021-07-08 04:16 AM
Hello, Vincent.
Thank you for the reply.
1) I've already made custom ODBC typespec file & parser file.
SQL query works fine when I connect remotely.
2) All settings are correct as far as I can connect remotely with the same creds, I've double-checked it several times.
3) I've already used methods to test connection with RSA support - no use, it shows the same error: 60.
I think the reason is in MySQL driver of RSA NW itself, don't see any other options.
Is there any info about compatible versions of MySQL for driver /opt/netwitness/odbc/lib/R3mysql27.so?
2021-07-08 09:02 PM
Hello Maxim
Let me repeat: MySQL log collection is not officially supported by NetWitness using the ODBC collection method, so you may not be able to resolve this issue.
However, should you wish to try some other ideas on your own, please see the following.
1. The error you have observed also shows the code, 2003 - "Can't connect to MySQL server on '%s1'"
See if this MySQL article helps, https://dev.mysql.com/doc/refman/8.0/en/can-not-connect-to-server.html
If SELinux is stopping the proper use of the driver, /opt/netwitness/odbc/lib/R3mysql27.so, then try a test by setting SELinux from "enforcing" to "permissive" with the command, "setenforce permissive"
The command "sestatus" will show the current mode of SELinux on the NetWitness appliance.
2. If you want to try another unsupported driver then see the following RSA Blog article which has a link to other MySQL ODBC drivers.
Integrating a MySQL (community) database with NetWitness for Logs - https://community.rsa.com/t5/rsa-netwitness-platform-blog/integrating-a-mysql-community-database-with-netwitness-for-logs/ba-p/520476
3. If none of the above works and you still want official support for MySQL Enterprise 8.0 then create a new Idea for RSA NetWitness on the RSA Link website.
You can click on "Submit an Idea" and describe your suggestion on the webpage, RSA Ideas for the RSA NetWitness Platform - https://community.rsa.com/t5/rsa-netwitness-platform-ideas/idb-p/netwitness-ideas
This is the location where you can make this sort of enhancement request, and also see what other Customers are suggesting.
RSA Product Management monitors these suggestions and will consider the ideas that are most voted for by Customers.
Good luck.
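Added example, not part of the original thread and not NetWitness code: the failure line from the first post runs two ODBC diagnostic records together with no separator, and this Python sketch splits them so each state and trailing driver code can be triaged separately. The sample line is constructed from the quoted error; code 2003 is annotated the way the reply above reads it, 08001 with its standard ODBC meaning, and every other code is left unannotated.

```python
import re

# Constructed from the failure line quoted in the first post of this thread.
SAMPLE = ("NwLogCollector[16282]: [OdbcCollection] [failure] An error occurred "
          "creating an ODBC connection for DSN: TEST_HA The trapped error is: "
          "Unable to create an ODBC connection. DSN: TEST_HA; username: user; "
          "reason: state: 08001; error-code: 139938624438272; description: "
          "[RSA][ODBC 20101 driver]7505state: 60; error-code: 139938624440275; "
          "description: [RSA][ODBC 20101 driver]2003")

# Only codes whose meaning is certain are annotated; anything else stays None.
SQLSTATE_NOTES = {"08001": "ODBC: client unable to establish connection"}
DRIVER_CODE_NOTES = {"2003": "MySQL client error 2003: can't connect to MySQL server"}

HEADER = re.compile(r"DSN: (?P<dsn>[^;\s]+); username: (?P<user>[^;]+); reason: ")
# Each record is "state: X; error-code: N; description: TEXT"; the next record
# starts at the following "state:" with no separator, hence the lookahead.
RECORD = re.compile(
    r"state: (?P<state>\w+); error-code: (?P<native>-?\d+); "
    r"description: (?P<desc>.*?)(?=state: \w+; error-code: |$)", re.S)
TRAILING_CODE = re.compile(r"\](\d+)\s*$")


def parse_failure(line):
    """Return DSN, username and the list of diagnostic records in one line."""
    head = HEADER.search(line)
    if head is None:
        return None
    records = []
    for m in RECORD.finditer(line, head.end()):
        desc = m["desc"].strip()
        code = TRAILING_CODE.search(desc)
        code = code.group(1) if code else None
        records.append({
            "state": m["state"],
            "sqlstate_wellformed": len(m["state"]) == 5,  # SQLSTATE is 5 chars
            "state_note": SQLSTATE_NOTES.get(m["state"]),
            "driver_code": code,
            "driver_code_note": DRIVER_CODE_NOTES.get(code),
            "description": desc,
        })
    return {"dsn": head["dsn"], "username": head["user"], "records": records}


if __name__ == "__main__":
    for rec in parse_failure(SAMPLE)["records"]:
        print(rec)
```

On the sample this yields two records: state 08001 with driver code 7505, and state 60 (not a five-character SQLSTATE) with driver code 2003.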
2021-07-09 12:52 AM
Hello, Vincent.
Thanks for the reply.
1. SELinux - disabled/permissive - same result.
2. I've tried 8.0.25 (my MySQL version) and also the 5.3.13 and 5.3.4 connectors according to your article (https://community.rsa.com/t5/rsa-netwitness-platform-blog/integrating-a-mysql-community-database-with-netwitness-for-logs/ba-p/520476) and get this error:
3. For sure I will submit the idea, but I see some posts complaining about no success in getting MySQL ODBC events since 2016, and there is still no implementation of modern MySQL (Community) in RSA NW.