概述
查看mysql插件目录:
mysql> SHOW GLOBAL VARIABLES LIKE 'plugin_dir';
+---------------+------------------------+
| Variable_name | Value |
+---------------+------------------------+
| plugin_dir | /opt/mysql/lib/plugin/ |
+---------------+------------------------+
1 row in set (0.00 sec)
复制下载的so文件至plugin_dir,创建日志目录
cd /opt/tools/audit-plugin-mysql-5.6-1.1.6-784/lib
cp libaudit_plugin.so /opt/mysql/lib/plugin/
mkdir /home/mysql/3306/audit_log/
chown mysql.mysql /home/mysql/3306/audit_log/
下载offset脚本,根据版本计算
wget https://raw.github.com/mcafee/mysql-audit/master/offset-extract/offset-extract.sh
chmod +x offset-extract.sh
[root@docker1 /opt/tools 19:42:56&&11]#./offset-extract.sh /opt/mysql/bin/mysqld
//offsets for: /opt/mysql/bin/mysqld (5.6.35)
{"5.6.35","c48fe13e444883af96c7f134cd0c952b", 6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516},
配置my.cnf,在mysqld块里面加入以下内容:
plugin-load=AUDIT=libaudit_plugin.so
audit_offsets=6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516
audit_json_file=ON
audit_json_log_file=/home/mysql/3306/audit_log/mysql-audit.json
audit_record_cmds=insert,delete,update,create,drop,revoke,alter,grant,set #针对这些语句来审计
重启mysql数据库
service mysql restart
验证是否生效:
SHOW GLOBAL STATUS LIKE 'AUDIT_version'; #查看版本
SHOW GLOBAL VARIABLES LIKE 'audit_json_file'; #查看是否开启
show plugins; #查看安装的插件
重要的参数说明:
1. audit_json_file #是否开启audit功能
2. audit_json_log_file #记录文件的路径和名称信息
3. audit_record_cmds #audit记录的命令,默认为记录所有命令可以设置为任意dml、dcl、ddl的组合 如:audit_record_cmds=select,insert,delete,update 还可以在线设置set global audit_record_cmds=NULL(表示记录所有命令)
4.audit_record_objs
audit记录操作的对象,默认为记录所有对象,可以用SET GLOBAL audit_record_objs=NULL设置为默认。也可以指定为下面的格式:audit_record_objs=,test.*,mysql.*,information_schema.*。
其他配置参数参考: https://github.com/mcafee/mysql-audit/wiki/Configuration
测试:
CREATE TABLE `t1` ( `id` int(10) NOT NULL AUTO_INCREMENT, `age` tinyint(4) NOT NULL DEFAULT '0', `name` varchar(30) NOT NULL DEFAULT '', PRIMARY KEY (`id`) )DEFAULT CHARSET=utf8;
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('1', '1');
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('3', '3');
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('4', '4');
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('5', '5');
update t1 set name='6' where age='5';
delete from t1 where age='1'; select * from t1;
#查看审计日志
[root@docker1 /opt/tools 19:43:00&&12]#cat /home/mysql/3306/audit_log/mysql-audit.json
{"msg-type":"header","date":"1532167436580","audit-version":"1.1.6-784","audit-protocol-version":"1.0","hostname":"docker1","mysql-version":"5.6.35-log","mysql-program":"/opt/mysql/bin/mysqld","mysql-socket":"/tmp/my3306.sock","mysql-port":"3306","server_pid":"43306"} {"msg-type":"activity","date":"1532167889630","thread-id":"9","query-id":"54","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `t1` (`age`, `name`) VALUES ('2', '2')"} {"msg-type":"activity","date":"1532167962813","thread-id":"8","query-id":"68","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('1', '1')"} {"msg-type":"activity","date":"1532167962831","thread-id":"8","query-id":"69","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('3', '3')"} {"msg-type":"activity","date":"1532167962849","thread-id":"8","query-id":"70","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('4', '4')"} {"msg-type":"activity","date":"1532167962867","thread-id":"8","query-id":"71","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('5', '5')"} {"msg-type":"activity","date":"1532168079332","thread-id":"8","query-id":"87","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"update","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"update t1 set name='6' where age='5'"} {"msg-type":"activity","date":"1532168113498","thread-id":"8","query-id":"103","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"delete","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"delete from t1 where age='1'"}
最后
以上就是斯文小松鼠为你收集整理的mysql审计插件安装_MYSQL - 安装审计插件的全部内容,希望文章能够帮你解决mysql审计插件安装_MYSQL - 安装审计插件所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复