热门标签
热门文章
- 1很薄很经典,这套写给程序员的技术书凭什么销量10万+
- 2Vue根据网络文件路径下载文件【自定义属性 v-down】_vue下载文件存放路径自定义
- 3Java教父Joshua Bloch访谈_josh bloch
- 4python开心消消乐辅助_用Python写个开心消消乐小游戏
- 5达梦数据库工具使用_达梦 truncate和replace
- 6AI编程篇-python高级进阶_ai辅助python编程
- 7如何在Windows环境下安装mysql并且设置自动启动(超详细)_windows设置mysql服务开机自启
- 8YOLOv5-Fog: A Multiobjective Visual DetectionAlgorithm for Fog Driving Scenes Based onImproved YOLOv_yolov5去雾
- 9Flink内核源码(七)Flink SQL提交流程_flinksql提交流程
- 10python一维数组排序_【Python】数组排序
当前位置: article > 正文
MySQL5.6 audit审计插件安装初探
作者:我家自动化 | 2024-06-04 14:01:45
赞
踩
audit-plugin-mysql-5.6下载
audit审计插件的二进制包下载地址:
到https://bintray.com/mcafee/mysql-audit-plugin/release网站下载5.6对应的二进制包
名字为audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip
查看MySQL插件目录:
mysql> show global variables like 'plugin_dir';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.00 sec)
mysql> quit
Bye
解压缩并cp libaudit_plugin.so到MySQL对应的插件目录:
# cd /root
# unzip audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip
Archive: audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip
creating: audit-plugin-mysql-5.6-1.1.2-694/
creating: audit-plugin-mysql-5.6-1.1.2-694/lib/
inflating: audit-plugin-mysql-5.6-1.1.2-694/lib/libaudit_plugin.so
inflating: audit-plugin-mysql-5.6-1.1.2-694/COPYING
inflating: audit-plugin-mysql-5.6-1.1.2-694/THIRDPARTY.txt
inflating: audit-plugin-mysql-5.6-1.1.2-694/README.txt
creating: audit-plugin-mysql-5.6-1.1.2-694/utils/
inflating: audit-plugin-mysql-5.6-1.1.2-694/utils/offset-extract.sh
# cd /root/audit-plugin-mysql-5.6-1.1.2-694/lib
# cp libaudit_plugin.so /usr/local/mysql/lib/plugin/
#cd /usr/local/mysql/lib/plugin/
# chmod +x libaudit_plugin.so
编辑/etc/my.cnf,添加如下内容:
plugin-load=AUDIT=libaudit_plugin.so
# service mysqld restart
Shutting down MySQL..... [ OK ]
Starting MySQL..... [ OK ]
或者用命令安装plugin:
mysql>INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so';
查看安装的plugin:
mysql> show plugins;
+----------------------------+----------+--------------------+--------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+--------------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| mysql_old_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
+----------------------------+----------+--------------------+--------------------+---------+
43 rows in set (0.00 sec)
可以看到最后一行有AUDIT libaudit_plugin.so的字样,说明安装成功.
mysql> SHOW GLOBAL VARIABLES LIKE 'audit%';
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| audit_before_after | after |
| audit_checksum | |
| audit_client_capabilities | OFF |
| audit_delay_cmds | |
| audit_delay_ms | 0 |
| audit_force_record_logins | OFF |
| audit_header_msg | ON |
| audit_json_file | OFF |
| audit_json_file_bufsize | 1 |
| audit_json_file_flush | OFF |
| audit_json_file_retry | 60 |
| audit_json_file_sync | 0 |
| audit_json_log_file | mysql-audit.json |
| audit_json_socket | OFF |
| audit_json_socket_name | /var/run/db-audit/mysql.audit__usr_local_mysql_data_3306 |
| audit_json_socket_retry | 10 |
| audit_offsets | |
| audit_offsets_by_version | ON |
| audit_password_masking_cmds | CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER,UPDATE |
| audit_password_masking_regex | identified(?:/\*.*?\*/|\s)*?by(?:/\*.*?\*/|\s)*?(?:password)?(?:/\*.*?\*/|\s)*?['|"](?.*?)(?<!--\\)['|"]|password(?:/\*.*?\*/|\s)*?(?:/\*.∗?\*/|\s)∗?[′|"](?.∗?)(?<!−−)[′|"](?:/\*.∗?\*/|\s)∗? |password(?:/\*.*?\*/|\s)*?(?:for(?:/\*.*?\*/|\s)*?\S+?)?(?:/\*.*?\*/|\s)*?=(?:/\*.*?\*/|\s)*?['|"](?.*?)(?<!--\\)['|"]|password(?:/\*.*?\*/|\s)*?['|"](?.*?)(?<!--\\)['|"] |
| audit_record_objs | |
| audit_sess_connect_attrs | ON |
| audit_socket_creds | ON |
| audit_uninstall_plugin | OFF |
| audit_validate_checksum | ON |
| audit_validate_offsets_extended | ON |
| audit_whitelist_cmds | BEGIN,COMMIT,PING |
| audit_whitelist_users | |
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
29 rows in set (0.00 sec)
audit记录的命令,默认为记录所有命令
可以设置为任意dml、dcl、ddl的组合
如:audit_record_cmds=select,insert,delete,update
audit_record_objs
audit记录操作的对象,默认为记录所有对象,
可以用SET GLOBAL audit_record_objs=NULL设置为默认
也可以指定为下面的格式
audit_record_objs=,test.*,mysql.*,information_schema.*
测试如下:
查看是否开启audit功能:
mysql> show variables like 'audit_json_file';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| audit_json_file | OFF |
+-----------------+-------+
1 row in set (0.00 sec)
开启audit功能:
mysql> set global audit_json_file=on;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'audit_json_file';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| audit_json_file | ON |
+-----------------+-------+
1 row in set (0.00 sec)
审计test库的所有对象:
mysql> SET GLOBAL audit_record_objs='test.*';
Query OK, 0 rows affected (0.00 sec)
审计test库的insert,update和delete操作:
mysql> set global audit_record_cmds='insert,delete,update';
Query OK, 0 rows affected (0.00 sec)
查看记录文件的路径和名称信息:
mysql> show variables like 'audit_json_log_file';
+---------------------+------------------+
| Variable_name | Value |
+---------------------+------------------+
| audit_json_log_file | mysql-audit.json |
+---------------------+------------------+
1 row in set (0.00 sec)
文件路径如下:
mysql> system find / -name mysql-audit.json
/usr/local/mysql/data/mysql-audit.json
对test库下的person表做insert,update和delete测试:
mysql> insert into person values('5','liuyb','29');
Query OK, 1 row affected (0.03 sec)
mysql> update person set age='55' where name='dsf';
Query OK, 2 rows affected (0.04 sec)
Rows matched: 2 Changed: 2 Warnings: 0
mysql> delete from person where name='cf';
Query OK, 1 row affected (0.03 sec)
mysql> select * from person;
+----+----------+------+
| id | name | age |
+----+----------+------+
| 2 | dsf | 55 |
| 3 | dsf | 55 |
| 4 | chenfeng | 38 |
| 5 | liuyb | 29 |
+----+----------+------+
4 rows in set (0.00 sec)
打开/usr/local/mysql/data/mysql-audit.json文件查看审计数据:
[root@localhost lib]# cat /usr/local/mysql/data/mysql-audit.json
{"msg-type":"header","date":"1494389691599","audit-version":"1.1.2-694","audit-protocol-version":"1.0","hostname":"localhost","mysql-version":"5.6.27-log","mysql-program":"/usr/local/mysql/bin/mysqld","mysql-socket":"/tmp/mysql.sock","mysql-port":"3306","server_pid":"41506"}
{"msg-type":"activity","date":"1494389798201","thread-id":"6","query-id":"53","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"1","cmd":"insert","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"insert into person values('5','liuyb','29')"}
{"msg-type":"activity","date":"1494389835611","thread-id":"6","query-id":"55","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"2","cmd":"update","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"update person set age='55' where name='dsf'"}
{"msg-type":"activity","date":"1494390005360","thread-id":"6","query-id":"60","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"1","cmd":"delete","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"delete from person where name='cf'"}
可以看到审计结果里有对test库person表的操作记录(insert,update和delete),至此,audit插件安装成功.
到https://bintray.com/mcafee/mysql-audit-plugin/release网站下载5.6对应的二进制包
名字为audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip
查看MySQL插件目录:
mysql> show global variables like 'plugin_dir';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.00 sec)
mysql> quit
Bye
解压缩并cp libaudit_plugin.so到MySQL对应的插件目录:
# cd /root
# unzip audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip
Archive: audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip
creating: audit-plugin-mysql-5.6-1.1.2-694/
creating: audit-plugin-mysql-5.6-1.1.2-694/lib/
inflating: audit-plugin-mysql-5.6-1.1.2-694/lib/libaudit_plugin.so
inflating: audit-plugin-mysql-5.6-1.1.2-694/COPYING
inflating: audit-plugin-mysql-5.6-1.1.2-694/THIRDPARTY.txt
inflating: audit-plugin-mysql-5.6-1.1.2-694/README.txt
creating: audit-plugin-mysql-5.6-1.1.2-694/utils/
inflating: audit-plugin-mysql-5.6-1.1.2-694/utils/offset-extract.sh
# cd /root/audit-plugin-mysql-5.6-1.1.2-694/lib
# cp libaudit_plugin.so /usr/local/mysql/lib/plugin/
#cd /usr/local/mysql/lib/plugin/
# chmod +x libaudit_plugin.so
编辑/etc/my.cnf,添加如下内容:
plugin-load=AUDIT=libaudit_plugin.so
# service mysqld restart
Shutting down MySQL..... [ OK ]
Starting MySQL..... [ OK ]
或者用命令安装plugin:
mysql>INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so';
查看安装的plugin:
mysql> show plugins;
+----------------------------+----------+--------------------+--------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+--------------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| mysql_old_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
+----------------------------+----------+--------------------+--------------------+---------+
43 rows in set (0.00 sec)
可以看到最后一行有AUDIT libaudit_plugin.so的字样,说明安装成功.
mysql> SHOW GLOBAL VARIABLES LIKE 'audit%';
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| audit_before_after | after |
| audit_checksum | |
| audit_client_capabilities | OFF |
| audit_delay_cmds | |
| audit_delay_ms | 0 |
| audit_force_record_logins | OFF |
| audit_header_msg | ON |
| audit_json_file | OFF |
| audit_json_file_bufsize | 1 |
| audit_json_file_flush | OFF |
| audit_json_file_retry | 60 |
| audit_json_file_sync | 0 |
| audit_json_log_file | mysql-audit.json |
| audit_json_socket | OFF |
| audit_json_socket_name | /var/run/db-audit/mysql.audit__usr_local_mysql_data_3306 |
| audit_json_socket_retry | 10 |
| audit_offsets | |
| audit_offsets_by_version | ON |
| audit_password_masking_cmds | CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER,UPDATE |
| audit_password_masking_regex | identified(?:/\*.*?\*/|\s)*?by(?:/\*.*?\*/|\s)*?(?:password)?(?:/\*.*?\*/|\s)*?['|"](?.*?)(?<!--\\)['|"]|password(?:/\*.*?\*/|\s)*?
| audit_record_objs | |
| audit_sess_connect_attrs | ON |
| audit_socket_creds | ON |
| audit_uninstall_plugin | OFF |
| audit_validate_checksum | ON |
| audit_validate_offsets_extended | ON |
| audit_whitelist_cmds | BEGIN,COMMIT,PING |
| audit_whitelist_users | |
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
29 rows in set (0.00 sec)
audit记录的命令,默认为记录所有命令
可以设置为任意dml、dcl、ddl的组合
如:audit_record_cmds=select,insert,delete,update
audit_record_objs
audit记录操作的对象,默认为记录所有对象,
可以用SET GLOBAL audit_record_objs=NULL设置为默认
也可以指定为下面的格式
audit_record_objs=,test.*,mysql.*,information_schema.*
测试如下:
查看是否开启audit功能:
mysql> show variables like 'audit_json_file';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| audit_json_file | OFF |
+-----------------+-------+
1 row in set (0.00 sec)
开启audit功能:
mysql> set global audit_json_file=on;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'audit_json_file';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| audit_json_file | ON |
+-----------------+-------+
1 row in set (0.00 sec)
审计test库的所有对象:
mysql> SET GLOBAL audit_record_objs='test.*';
Query OK, 0 rows affected (0.00 sec)
审计test库的insert,update和delete操作:
mysql> set global audit_record_cmds='insert,delete,update';
Query OK, 0 rows affected (0.00 sec)
查看记录文件的路径和名称信息:
mysql> show variables like 'audit_json_log_file';
+---------------------+------------------+
| Variable_name | Value |
+---------------------+------------------+
| audit_json_log_file | mysql-audit.json |
+---------------------+------------------+
1 row in set (0.00 sec)
文件路径如下:
mysql> system find / -name mysql-audit.json
/usr/local/mysql/data/mysql-audit.json
对test库下的person表做insert,update和delete测试:
mysql> insert into person values('5','liuyb','29');
Query OK, 1 row affected (0.03 sec)
mysql> update person set age='55' where name='dsf';
Query OK, 2 rows affected (0.04 sec)
Rows matched: 2 Changed: 2 Warnings: 0
mysql> delete from person where name='cf';
Query OK, 1 row affected (0.03 sec)
mysql> select * from person;
+----+----------+------+
| id | name | age |
+----+----------+------+
| 2 | dsf | 55 |
| 3 | dsf | 55 |
| 4 | chenfeng | 38 |
| 5 | liuyb | 29 |
+----+----------+------+
4 rows in set (0.00 sec)
打开/usr/local/mysql/data/mysql-audit.json文件查看审计数据:
[root@localhost lib]# cat /usr/local/mysql/data/mysql-audit.json
{"msg-type":"header","date":"1494389691599","audit-version":"1.1.2-694","audit-protocol-version":"1.0","hostname":"localhost","mysql-version":"5.6.27-log","mysql-program":"/usr/local/mysql/bin/mysqld","mysql-socket":"/tmp/mysql.sock","mysql-port":"3306","server_pid":"41506"}
{"msg-type":"activity","date":"1494389798201","thread-id":"6","query-id":"53","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"1","cmd":"insert","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"insert into person values('5','liuyb','29')"}
{"msg-type":"activity","date":"1494389835611","thread-id":"6","query-id":"55","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"2","cmd":"update","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"update person set age='55' where name='dsf'"}
{"msg-type":"activity","date":"1494390005360","thread-id":"6","query-id":"60","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"1","cmd":"delete","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"delete from person where name='cf'"}
可以看到审计结果里有对test库person表的操作记录(insert,update和delete),至此,audit插件安装成功.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/15498/viewspace-2138826/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/15498/viewspace-2138826/
本文内容由网友自发贡献,转载请注明出处:https://www.wpsshop.cn/w/我家自动化/article/detail/672163
推荐阅读
相关标签
