In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
Download the MySQL audit plug-in
Https://github.com/mcafee/mysql-audit/releases
Or
This article uses the mcafee official website to download the linked software:
Https://dl.bintray.com/mcafee/mysql-audit-plugin/
For detailed configuration, please refer to the official documentation:
Https://github.com/mcafee/mysql-audit/wiki/Installation
Extract the file:
Unzip audit-plugin-mysql-5.7-1.1.7-805-linux-x86_64.zip
Copy the installation package libaudit_plugin.so file to the plugin_dir directory:
Root@localhost 10:07: [(none)] > show global variables like 'plugin_dir'
+-- +
| | Variable_name | Value |
+-- +
| | plugin_dir | / usr/local/mysql/lib/plugin/ |
+-- +
1 row in set (0.00 sec)
Cp audit-plugin-mysql-5.7-1.1.7-805/lib/libaudit_plugin.so / usr/local/mysql/lib/plugin/
Chmod + x / usr/local/mysql/lib/plugin/libaudit_plugin.so
Install the plug-in:
Root@localhost 10:18: [(none)] > INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so'
Query OK, 0 rows affected (0.73 sec)
Confirm:
Root@localhost 10:18: [(none)] > root@localhost 10:18: [(none)] > SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'audit%'
+-+ +
| | PLUGIN_NAME | PLUGIN_STATUS |
+-+ +
| | AUDIT | ACTIVE |
+-+ +
1 row in set (0.00 sec)
Audit is not enabled by default. Enable audit:
Set global audit_json_file=on
Set global audit_record_cmds='delete,update,create_table,create_db,drop_db,drop_table,alter_table,grant,truncate'
View the audit log output name:
Root@localhost 10:23: [(none)] > show global variables like 'audit_json_log_file'
+-+ +
| | Variable_name | Value |
+-+ +
| | audit_json_log_file | mysql-audit.json |
+-+ +
1 row in set (0.00 sec)
Edit the profile to add:
[mysqld]
Audit_json_file=on
Audit_record_cmds='delete,update,create_table,create_db,drop_db,drop_table,alter_table,grant,truncate'
The mysql-audit.json file is under datadir by default. Check the contents of the audit log:
Tail-f mysql-audit.json
{"msg-type": "activity", "date": "1552273694556", "thread-id": "3", "query-id": "13", "user": "root", "priv_user": "root", "ip": "" host ":" localhost "," connect_attrs ": {" _ os ":" linux-glibc2.12 "," _ client_name ":" libmysql "," _ pid ":" 20105 "," _ client_version ":" 5.7.24 " "_ platform": "x86, 64", "program_name": "mysql"}, "pid": "20105", "os_user": "root", "appname": "mysql", "status": "0", "cmd": "create_db", "query": "create database app_store"}
Description of common parameters:
1. Audit_json_file=on | off
Whether to enable the audit function
2. Audit_json_log_file
Path and name information of audit file
3. Audit_record_cmds
Commands recorded by audit. Default is to record all commands.
You can set it to any combination of dml, dcl and ddl as needed:
For example: audit_record_cmds= "select,insert,delete,update"
4. Audit_record_objs
Audit records the objects or tables of operations. The default is to record all objects.
You can also specify the following format
Audit_record_objs= "* .table _ name,db_name.*,db_name.table_name"
5. Audit_whitelist_users
You can set a whitelist:
Such as set global audit_whitelist_users= "root,admin"
If your audit audit has a large number of logs, you can consider log segmentation, set log compression and retention days:
Vi / etc/logrotate.d/mysql-audit
/ data/mysql/data/mysql-audit.json {
Daily
Copytruncate
Compress
Rotate 7
Dateext
Dateformat.% Y-%m-%d
}
Manually generate log cuts:
Logrotate-vf / etc/logrotate.d/mysql-audit
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.