can DB connect be used to connect to RDS instances...

soumyasaha2506 · ‎05-23-2018

can DB connect be used to connect to RDS instances (oracle, MySQL and MSSQL), if so is there any documentation detailing the steps of integration.
i am currently looking at multiple DB instances that are on RDS. I want to integrate the authentication and audit related logs of these databases to be sent to splunk for security use cases.
Later, i might also be interested in other data from the db instances.

Currently i am unable to find any information on the integration, wondering if db connect can do it, if so once the connection is setup do i have to run the query similar to how i did for regular db instances or is there something different for RDS.

anwarmian · ‎02-09-2025

You have two options:
DBConnect - You can bring audit logs from Oracle DBA_AUDIT_TRAIL table. Make sure the DBA has configured to send the audit logs to DBA_AUDIT_TRAIL. If other RDS databases have option to store audit logs to a table/view you can also bring the logs via dbconnect.
AWS RDS Logs -- Have AWS Cloudwatch collect the RDS logs put them in an S3 bucket. Bring the RDS logs to Splunk via SQS-Based S3 inputs using Splunk Add-on for AWS. You can then build a parser for search - time and display the result in a dashboard.

niketn · ‎06-27-2018

@soumyasaha2506, as suggested by @jcoates on #dbconnect on slack please configure them same way you do any Database connection. Just provide the Connection URL and Port

You would need to lookup AWS Documentation for JDBC URL (for example for Oracle): https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToOracleInstance.html

Or for SQL Server: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToMicrosoftSQLServerInstance.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

jlvix1 · ‎05-23-2018

Sorry what do you mean by RDS? Remote Desktop Services? If you mean RDB (Relational DataBase) then the answer is yes, you can connect to all three of those, it's tricky learning how to but there are lots of examples kicking about, as well as your ability to investigate third party apps that use DB connector, I learned how to use it via reverse engineering the Mcafee app.

There are different ways to harvest DB data and this would relate to the result sets of the queries, so for example scalar queries will return a single value, tabular will return rows that come in to Splunk, or perhaps you can tell DB connector to download/sync a table regularly. It's something you will need to master, but typically you run SQL commands against the servers as a client would.

soumyasaha2506 · ‎05-23-2018

by RDS i mean Amazon Relational Database Service (https://aws.amazon.com/rds/).
As per Wikipedia- "It is a web service running "in the cloud" designed to simplify the setup, operation, and scaling of a relational database for use in applications. Complex administration processes like patching the database software, backing up databases and enabling point-in-time recovery are managed automatically. Scaling storage and compute resources can be performed by a single API call."

My bad should have mentioned in the question itself.

EDIT: Added a snippet of wikipedia explanation of RDS. Hope it helps

jlvix1 · ‎05-23-2018

You should check compatibility then for DB connector, this is clearly defined.

Lots of the AWS stuff is REST enabled so failing the DB connector, look towards the REST connector in splunk - but beware you will be starting from scratch, you may end up creating a new component based on that! Please share if you do :).

cheers

can DB connect be used to connect to RDS instances (oracle, MySQL and MSSQL), if so is there any documentation detailing the steps of integration.

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...