Shulou(Shulou.com)06/01 Report--

Download the MySQL audit plug-in

Https://github.com/mcafee/mysql-audit/releases

Or

This article uses the mcafee official website to download the linked software:

Https://dl.bintray.com/mcafee/mysql-audit-plugin/

For detailed configuration, please refer to the official documentation:

Https://github.com/mcafee/mysql-audit/wiki/Installation

Extract the file:

Unzip audit-plugin-mysql-5.7-1.1.7-805-linux-x86_64.zip

Copy the installation package libaudit_plugin.so file to the plugin_dir directory:

Root@localhost 10:07: [(none)] > show global variables like 'plugin_dir'

+-- +

| | Variable_name | Value |

+-- +

| | plugin_dir | / usr/local/mysql/lib/plugin/ |

+-- +

1 row in set (0.00 sec)

Cp audit-plugin-mysql-5.7-1.1.7-805/lib/libaudit_plugin.so / usr/local/mysql/lib/plugin/

Chmod + x / usr/local/mysql/lib/plugin/libaudit_plugin.so

Install the plug-in:

Root@localhost 10:18: [(none)] > INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so'

Query OK, 0 rows affected (0.73 sec)

Confirm:

Root@localhost 10:18: [(none)] > root@localhost 10:18: [(none)] > SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'audit%'

+-+ +

| | PLUGIN_NAME | PLUGIN_STATUS |

+-+ +

| | AUDIT | ACTIVE |

+-+ +

1 row in set (0.00 sec)

Audit is not enabled by default. Enable audit:

Set global audit_json_file=on

Set global audit_record_cmds='delete,update,create_table,create_db,drop_db,drop_table,alter_table,grant,truncate'

View the audit log output name:

Root@localhost 10:23: [(none)] > show global variables like 'audit_json_log_file'

+-+ +

| | Variable_name | Value |

+-+ +

| | audit_json_log_file | mysql-audit.json |

+-+ +

1 row in set (0.00 sec)

Edit the profile to add:

[mysqld]

Audit_json_file=on

Audit_record_cmds='delete,update,create_table,create_db,drop_db,drop_table,alter_table,grant,truncate'

The mysql-audit.json file is under datadir by default. Check the contents of the audit log:

Tail-f mysql-audit.json

{"msg-type": "activity", "date": "1552273694556", "thread-id": "3", "query-id": "13", "user": "root", "priv_user": "root", "ip": "" host ":" localhost "," connect_attrs ": {" _ os ":" linux-glibc2.12 "," _ client_name ":" libmysql "," _ pid ":" 20105 "," _ client_version ":" 5.7.24 " "_ platform": "x86, 64", "program_name": "mysql"}, "pid": "20105", "os_user": "root", "appname": "mysql", "status": "0", "cmd": "create_db", "query": "create database app_store"}

Description of common parameters:

1. Audit_json_file=on | off

Whether to enable the audit function

2. Audit_json_log_file

Path and name information of audit file

3. Audit_record_cmds

Commands recorded by audit. Default is to record all commands.

You can set it to any combination of dml, dcl and ddl as needed:

For example: audit_record_cmds= "select,insert,delete,update"

4. Audit_record_objs

Audit records the objects or tables of operations. The default is to record all objects.

You can also specify the following format

Audit_record_objs= "* .table _ name,db_name.*,db_name.table_name"

5. Audit_whitelist_users

You can set a whitelist:

Such as set global audit_whitelist_users= "root,admin"

If your audit audit has a large number of logs, you can consider log segmentation, set log compression and retention days:

Vi / etc/logrotate.d/mysql-audit

/ data/mysql/data/mysql-audit.json {

Daily

Copytruncate

Compress

Rotate 7

Dateext

Dateformat.% Y-%m-%d

}

Manually generate log cuts:

Logrotate-vf / etc/logrotate.d/mysql-audit

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.