I am new to ELK stacking so I am trying to check all its capabilities.
Actually, I am trying to monitor mysql database and see what information I can get using beats agents.
One thing I can't find is user/login field in a packetbeat for mysql authentication.
I know that I can have this information by enabling general log in mysql and ship it to logstash and then parse this data.
But I think easier and more efficient to use packetbeat and extract this information through packets.
Is there any way to get mysql user activity without impacting performance of machine / generating massive log files (TCP dumps / general logs)