Capturing SQL Traffic from XTAM SSH Tunnel Sessions Over Non-Standard Ports

The following section describes how to enable SQL Traffic to be recorded to a session’s Session Event report when the tunnel is using non-standard ports (for example, not port 3306 for MySQL or port 1433 for MS SQL).

  1. Login to XTAM as a System Administration and navigate to Administration > Record Types.
  2.  

  3. Find the Record Type that is being used for your SSH Tunnel session and click its Edit button.
  4.  

  5. On the Record Type’s Edit page, click the Add Field button and create a new field with the following configuration:
  6.  

    Capture-SQL-Traffic-SSH-Tunnel-Create-Hint-Field

     

  7. Save the field and save the Record Type.
  8.  

  9. Navigate to the record that is being used to create your SSH Tunnel session and click its Edit button.
  10. In this new Traffic Intercepter Hints field enter your port hint. The hint is a comma-, space- or semicolon-separated list of protocols and ports that should be recorded. For example the hint mssql:1444 mysql:3333 instructs recording of the MS SQL Server traffic connecting to port 1444 and MySQL traffic connecting to port 3333.
  11. When finished, Save the record changes and follow the procedure described in the previous section to complete the configuration and to test the results.

Capturing SQL Traffic from Tunnel Sessions Over Standard Ports