SQL Traffic Recording

XTAM Session Event recording can save SQL statements to the Session Events Logs when users connect to a MySQL or MS SQL Server database through an SSH Proxy tunnel using native clients such as MySQL Workbench, MS SQL Studio, command line SQL prompts or other client applications. Recording this SQL traffic helps management and auditors understand typical administration activities, alert stakeholders about suspicious queries, and comply with regulations.

 


The traffic recording option is enabled automatically for XTAM channels opened through the SSH Tunnel using the database’s standard ports (port 3306 for MySQL and port 1433 for MS SQL). It is also possible to provide hints to the SSH Tunnel to enable traffic monitoring for connections established over non-standard ports. See the section below named “Capturing SQL Traffic from XTAM SSH Tunnel Sessions Over Non-Standard Ports” for configuration.

 

The traffic recording option is enabled by XTAM’s Session Control Recording roles. To capture the SQL traffic of a user or group, assign one of the Session Control levels that include the “with Session Events” option. More information about XTAM Permission Levels can be found here.

 

Capturing SQL Traffic from XTAM SSH Tunnel Sessions Over Standard Ports

 

The following section describes how to enable SQL Traffic to be recorded to a session’s Session Event report when the tunnel is using standard ports (for example, port 3306 for MySQL or port 1433 for MS SQL). It is assumed that an SSH Tunnel session is already configured properly in XTAM.

 

Capturing SQL Traffic from XTAM SSH Tunnel Sessions Over Non-Standard Ports