Shulou(Shulou.com)06/01 Report--

[root@wallet01 ~] # cd / usr/lib64/mysql/plugin [root@wallet01 plugin] # chmod axix server_ audit.so [root @ wallet01 plugin] # ls-l server_audit.so-rwxr-xr-x 1 root root 236710 Aug 28 09:12 server_ audit.so [ro ot@wallet01 ~] # mysql-uroot-pAbcd@1234mysql > install plugin server_audit SONAME 'server_audit.so';Query OK, 0 rows affected (0.03 sec) mysql > set global server_audit_logging=on Query OK, 0 rows affected (0.00 sec) mysql > set global server_audit_events = 'query,table,query_ddl,query_dml';Query OK, 0 rows affected (0.00 sec) mysql > set global server_audit_incl_users='tpcc';Query OK, 0 rows affected (0.00 sec) mysql > set global server_audit_file_rotations=0;Query OK, 0 rows affected (0.00 sec)

Server_audit_logging

By default, audit logging is set to off. To enable it, set the server_audit_logging variable to on.

Server_audit_events

Description: if set, audit logging is limited to certain event types. If it is not set, each event type is recorded in the audit log.

Event type

CONNECT: connections, disconnections, and failed connections, including error codes

QUERY: queries executed in plain text and their results, including queries that fail due to syntax or permission errors

TABLE: tables affected by query execution

QUERY_DDL: same as QUERY, but only filters queries of type DDL (create, alter, drop, rename and truncate statements, except create/ drop [procedure / function/user] and rename user (they are not DDL)

QUERY_DML: same as QUERY, but only filters queries of type DML (do, call, load data/xml, delete, insert, select, update, handler and replace statements)

QUERY_DCL: same as QUERY, but only filter queries of type DCL (create user, drop user, rename user, grant, revoke, and set password statements)

QUERY_DML_NO_SELECT: same as QUERY_DML, but does not record SELECT queries. (since version 1.4.4) (do, call, load data/xml, delete, insert, update, handler and replace statements)

Since there are other types of queries besides DDL and DML, using the query DDL with the query DML option is not the same as using a query. Starting with version 1.3.0 of the Audit plug-in, there are QUERY_DCL options for recording DCL types of queries, such as GRANT and REVOKE statements. In the same release, the server_audit_query_log_limit variable was added so that the length of logging could be set. Previously, log entries were truncated due to the long query string.

Server_audit_incl_users

Description: if not empty, it contains a comma-separated list of users whose activities will be recorded. Connection records are not affected by this variable-they are always recorded. This setting takes precedence over server_audit_excl_users. Therefore, if the same user is specified in both the include and excl lists, they will still be logged.

Server_audit_excl_users

Description: if not empty, contains a list of users whose activities will not be logged. Connection records are not affected by this variable-they are always recorded

Server_audit_output_type

Logs can be written to separate files or system logs. If you want to separate logging from other system information, you should set the variable value server_audit_output_type to file

Server_audit_file_path

Description: when server_audit_output_type=file, set the path and file name to the log file. If the specified path exists in the form of a directory, a log named 'server_audit.log' is created in that directory. Otherwise, the value is treated as a file name. The default value is' server_audit.log'. This means that this file will be created in the database directory.

In addition to setting up server_audit_output_type, you must also provide the file path and name of the audit file. This is set in the variable server_audit_file_path. You can use the variable server_audit_file_rotate_size to set the file size limit for log files. Therefore, if rotation is enabled and the log file has reached the size limit you set, a copy is created with a consecutive number as the extension, and the original file is truncated for re-audit. To limit the number of log files created, set the variable server_audit_file_rotations. You can force log file rotation by setting the variable server_audit_file_rotate_now to on. When the allowed number of files is reached, the oldest files will be overwritten.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.