000032637 - Log Collector's ODBC collection from MySQL Community Server is failing in RSA NetWitness Logs & Network

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 24, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032637
Applies ToRSA Product Set: RSA NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.x, 11.x
Platform: CentOS
When trying to configure MySQL database event source in Log Collector ODBC collection, the following error is seen in the Log Collector service log and/or /var/log/messages of the Log Collector host:

Error! An error occurred creating an ODBC connection for DSN: DsnName The trapped error is: Unable to create an ODBC connection. DSN: DsnName; username: dbuser; reason: state: S1000; error-code: 0; description: [RSA][ODBC MySQL Wire Protocol driver]Connections to MySQL Community Servers are not supported. Please contact MySQL to obtain a MySQL Enterprise or Commercial version.
CauseMySQL has three different types of servers:
  • MySQL Community Edition: Freely downloadable fully open sourced versions.
  • MySQL Standard Edition : Commercial Version.
  • MySQL Enterprise Edition: Commercial Version with additional Enterprise Features.
MySQL Webpage: https://www.mysql.com/products/

The OCBC drivers that RSA Log Collector service uses to connect to databases such as MySQL using the Open Database Connectivity (ODBC) API interface are provided by Progress Software Corporation.
The ODBC drivers support 5.0 and later versions of MySQL Standard or MySQL Enterprise servers. They do NOT support any of the MySQL Community servers.

To check the version of the database, please log into your MySQL database and issue the following query:

show variables like "%version%";
ResolutionIf it shows "MySQL Community Edition" in the "version_comment" row, then it is not supported.

For unsupported MySQL editions, it is recommended to upgrade to either Standard or Enterprise edition to collect logs from this event source.
NotesCan confirm this yourself by looking at the Progress drivers messages file in the Log Collector host:

# find /opt/netwitness/odbc/locale/en_US/LC_MESSAGES -type f -name "*.po" -print0 | xargs -0 -I % --no-run-if-empty grep -i -m1 'MySQL Community' %

Expected output is something like:

1217 "Connections to MySQL Community Servers are not supported.  Please contact MySQL to obtain a MySQL Enterprise or Commercial version."