码迷,mamicode.com
首页 > 数据库 > 详细

mysql行为审记

时间:2017-03-22 20:57:39      阅读:303      评论:0      收藏:0      [点我收藏+]

标签:hub   schema   插件   .com   ems   init   system   class   read   

插件源码地址
https://github.com/mcafee/mysql-audit
插件安装方法
https://github.com/mcafee/mysql-audit/wiki/Installation
插件下载地址
https://bintray.com/mcafee/mysql-audit-plugin/release/1.0.9-585

1、查看mysql插件存放目录
mysql> SHOW GLOBAL VARIABLES LIKE ‘plugin_dir‘;
+---------------+-----------------------------------+
| Variable_name | Value |
+---------------+-----------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+-----------------------------------+
1 row in set (0.01 sec)

2、复制libaudit_plugin.so 至 mysql插件目录
mv libaudit_plugin.so /usr/local/mysql/lib/plugin/
chmod a+x /usr/local/mysql/lib/plugin/*
chown mysql:mysql /usr/local/mysql/lib/plugin/*

3、安装插件
初使使用在线安装,但是安装失败
mysql> INSTALL PLUGIN AUDIT SONAME ‘libaudit_plugin.so‘;
ERROR 1524 (HY000): Plugin ‘AUDIT‘ is not loaded

然后使用修改配置,然后重启数据库,官方推荐使用修改配置方式安装。
Note: On production systems, McAfee recommends using the plugin-load option for installing the audit plugin.


修改my.cnf文件,添加加载审计插件代码
plugin-load=AUDIT=libaudit_plugin.so
audit_json_file=1
audit_force_record_logins=1
audit_json_file_sync=1
audit_whitelist_users=test2,test1 #不记录行为的用户

audit_whitelist_cmds =BEGIN,COMMIT,SELECT  #这个参数看需要要不要设,过滤掉查询的

重启数据库
/etc/init.d/mysql.server restart

 

[root@localhost mysql]# tail mysql-audit.json
{"msg-type":"activity","date":"1490176712103","thread-id":"3","query-id":"0","user":"root","priv_user":"root","host":"localhost","cmd":"Connect","query":"Connect"}
{"msg-type":"activity","date":"1490176712106","thread-id":"3","query-id":"11","user":"root","priv_user":"root","host":"localhost","cmd":"select","query":"select @@version_comment limit 1"}
{"msg-type":"activity","date":"1490176724747","thread-id":"3","query-id":"12","user":"root","priv_user":"root","host":"localhost","cmd":"select","query":"SELECT DATABASE()"}
{"msg-type":"activity","date":"1490176724748","thread-id":"3","query-id":"13","user":"root","priv_user":"root","host":"localhost","cmd":"Init DB","objects":[{"db":"test","obj_type":"DATABASE"}],"query":"Init DB"}
{"msg-type":"activity","date":"1490176724754","thread-id":"3","query-id":"14","user":"root","priv_user":"root","host":"localhost","cmd":"show_databases","objects":[{"db":"information_schema","name":"/tmp/#sql_a6c_0","obj_type":"TABLE"}],"query":"show databases"}
{"msg-type":"activity","date":"1490176724769","thread-id":"3","query-id":"15","user":"root","priv_user":"root","host":"localhost","cmd":"show_tables","objects":[{"db":"information_schema","name":"/tmp/#sql_a6c_0","obj_type":"TABLE"}],"query":"show tables"}
{"msg-type":"activity","date":"1490176724771","thread-id":"3","query-id":"16","user":"root","priv_user":"root","host":"localhost","cmd":"show_fields","query":"show_fields"}
{"msg-type":"activity","date":"1490176753954","thread-id":"3","query-id":"17","user":"root","priv_user":"root","host":"localhost","cmd":"show_tables","objects":[{"db":"information_schema","name":"/tmp/#sql_a6c_0","obj_type":"TABLE"}],"query":"show tables"}
{"msg-type":"activity","date":"1490176769225","thread-id":"3","query-id":"18","user":"root","priv_user":"root","host":"localhost","cmd":"select","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"select * from t1"}
{"msg-type":"activity","date":"1490176779812","thread-id":"3","query-id":"19","user":"root","priv_user":"root","host":"localhost","cmd":"Quit","query":"Quit"}

 

mysql行为审记

标签:hub   schema   插件   .com   ems   init   system   class   read   

原文地址:http://www.cnblogs.com/ericzh/p/6601710.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
周排行
mamicode.com排行更多图片
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!