How to set up a scan of a MySQL database

book

Article ID: 159414

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Network Discover

Issue/Introduction

Is it possible to scan MySQL?  In the past customers have been successfully able to do this.  

Resolution

From a setup scenario, Discover SQL scanning has only been tested against the following Databases:

Oracle 11, Oracle 12, Oracle 18 (the <vendor name> is oracle)
SQL Server 2014, 2016 (the <vendor name> is sqlserver)
DB2 10.5 (the <vendor name> is db2)

Setup instructions are outlined in the Symantec DLP 15.7 Administration Guide beginning on page 2333, with specific configuration options beginning on page 2338.


Note:  You need to specify the JDBC from the MySQL driver you wish to utilize.

In addition to the MySQL driver you will use, you must also identify the protocol.  Then you should perform the following steps:

1. Obtain the JDBC driver

2. Place the file in the jdbc lib directory of the Discover server in SymantecDLP\Protect\lib\jdbc

3. Modify the permissions on jdbc driver so that the Protect user has full r/w/x

4. Add the following entry in the sqldatabasecrawler.properties file via the following

- On the Discover box go to the vontu/protect/config directory
- Make a backup copy of sqldatabasecrawler.properties
- Add/Edit the following for MySQL

# mysql
driver_jar.mysql = <file name of the jar file such as mysql-connector-java-5.1.21-bin.jar>
driver_class.mysql = com.mysql.jdbc.Driver
driver_subprotocol.mysql = mysql
driver_table_query.mysql = show tables
driver_row_selector.mysql  = SELECT {1.EN_US} FROM {0.EN_US} LIMIT {2.EN_US}
quote_table_names.mysql = false

5. Add the credentials to the scan target and use the following syntax for the connection string:

mysql://hostname or
mysql://hostname:3306/<database name>

6. Run the scan against the created scan target