Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

MySQL audit plug-in use

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Share

Shulou(Shulou.com)06/01 Report--

Download the MySQL audit plug-in

Https://github.com/mcafee/mysql-audit/releases

Or

This article uses the mcafee official website to download the linked software:

Https://dl.bintray.com/mcafee/mysql-audit-plugin/

For detailed configuration, please refer to the official documentation:

Https://github.com/mcafee/mysql-audit/wiki/Installation

Extract the file:

Unzip audit-plugin-mysql-5.7-1.1.7-805-linux-x86_64.zip

Copy the installation package libaudit_plugin.so file to the plugin_dir directory:

Root@localhost 10:07: [(none)] > show global variables like 'plugin_dir'

+-- +

| | Variable_name | Value |

+-- +

| | plugin_dir | / usr/local/mysql/lib/plugin/ |

+-- +

1 row in set (0.00 sec)

Cp audit-plugin-mysql-5.7-1.1.7-805/lib/libaudit_plugin.so / usr/local/mysql/lib/plugin/

Chmod + x / usr/local/mysql/lib/plugin/libaudit_plugin.so

Install the plug-in:

Root@localhost 10:18: [(none)] > INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so'

Query OK, 0 rows affected (0.73 sec)

Confirm:

Root@localhost 10:18: [(none)] > root@localhost 10:18: [(none)] > SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'audit%'

+-+ +

| | PLUGIN_NAME | PLUGIN_STATUS |

+-+ +

| | AUDIT | ACTIVE |

+-+ +

1 row in set (0.00 sec)

Audit is not enabled by default. Enable audit:

Set global audit_json_file=on

Set global audit_record_cmds='delete,update,create_table,create_db,drop_db,drop_table,alter_table,grant,truncate'

View the audit log output name:

Root@localhost 10:23: [(none)] > show global variables like 'audit_json_log_file'

+-+ +

| | Variable_name | Value |

+-+ +

| | audit_json_log_file | mysql-audit.json |

+-+ +

1 row in set (0.00 sec)

Edit the profile to add:

[mysqld]

Audit_json_file=on

Audit_record_cmds='delete,update,create_table,create_db,drop_db,drop_table,alter_table,grant,truncate'

The mysql-audit.json file is under datadir by default. Check the contents of the audit log:

Tail-f mysql-audit.json

{"msg-type": "activity", "date": "1552273694556", "thread-id": "3", "query-id": "13", "user": "root", "priv_user": "root", "ip": "" host ":" localhost "," connect_attrs ": {" _ os ":" linux-glibc2.12 "," _ client_name ":" libmysql "," _ pid ":" 20105 "," _ client_version ":" 5.7.24 " "_ platform": "x86, 64", "program_name": "mysql"}, "pid": "20105", "os_user": "root", "appname": "mysql", "status": "0", "cmd": "create_db", "query": "create database app_store"}

Description of common parameters:

1. Audit_json_file=on | off

Whether to enable the audit function

2. Audit_json_log_file

Path and name information of audit file

3. Audit_record_cmds

Commands recorded by audit. Default is to record all commands.

You can set it to any combination of dml, dcl and ddl as needed:

For example: audit_record_cmds= "select,insert,delete,update"

4. Audit_record_objs

Audit records the objects or tables of operations. The default is to record all objects.

You can also specify the following format

Audit_record_objs= "* .table _ name,db_name.*,db_name.table_name"

5. Audit_whitelist_users

You can set a whitelist:

Such as set global audit_whitelist_users= "root,admin"

If your audit audit has a large number of logs, you can consider log segmentation, set log compression and retention days:

Vi / etc/logrotate.d/mysql-audit

/ data/mysql/data/mysql-audit.json {

Daily

Copytruncate

Compress

Rotate 7

Dateext

Dateformat.% Y-%m-%d

}

Manually generate log cuts:

Logrotate-vf / etc/logrotate.d/mysql-audit

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Database

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report