4th day One, "MariaDB" Journal Audit

"December 4, 2016"

Busy for a few days, did not have time to read, but always to the intersection of goods it!!

recently the boss to audit, the server pressure is very large, the past MySQL internal audit has been closed, hardware audit did not, he recommended to write to disk file.

1. Download the plugin on MARIDB website, upload to MySQL server, unzip

https://mariadb.com/kb/en/mariadb/mariadb-audit-plugin/

2. Log in to MySQL

[Email protected] [(none)]>show VARIABLES like ' plugin_dir '; +---------------+------------------------------+| variable_name | Value |+---------------+------------------------------+| Plugin_dir | /usr/local/mysql/lib/plugin/|+---------------+------------------------------+1 row in Set (0.01 sec)

3. Copy the plugin to the Plugindir directory and install it in MySQL:

INSTALL PLUGIN server_audit SONAME ' server_audit.so;set global server_audit_events= ' QUERY_DDL,QUERY_DML '; set global server_audit_logging = 1;

4.vi/etc/my.cnf

Server_audit_logging server_audit_events=connect,query (optional)

5. Restart MySQL (there is no need to restart)

6. View Audit logs

[email protected]:(None)  08:41:54>SHOW VARIABLES LIKE  ' server_audit% '; +----------- --------------------+----------------------------------+| variable_name                  | Value                              |+-------------------------------+----------------------------------+|  SERVER_AUDIT_EVENTS           | QUERY_DDL, query_dml              |  #指定记录事件的类型 , multiple values (connect,query,table) can be separated by commas, and if query caching is turned on (query,cache) queries that return data directly from the query cache, there will be no table records | server_audit_excl_users        | bbb,aaaaaa                        |  #该列表的用户操作不被记录, Connet is not affected by this setting | server _audit_file_path        | /data/audit_log/server_audit.log |   #审计日志存放地址 (default in database data directory) | server_audit_file_rotate_now  | off                                |  #强制日志文件轮转 | server_audit_file_rotate_size  | 1000000                           |  #限制日志文件的大小 | server_audit_file_ rotations   | 0                                  |  #指定日志文件的数Volume, if the log for 0 days will never rotate | server_audit_incl_users       |                                    |  #指定哪些用户的活动将记录, connet not affected, The change amount is higher than server_audit_excl_users priority | server_audit_loc_info          |                                   | |  server_audit_logging          | ON                                 |  #表示开启审计日志服务 | server_audit_mode              | 0                                  |  #表示版本 for development test | server_audit_output_type       | file                              |  #日志输出形式以file, Syslog  # https://www.oschina.net/question/12_127238| server_audit_query_log_limit  |  1024                              | |  server_audit_syslog_facility  | LOG_USER                          |  #默认Log_user, specifying facility| server_audit_syslog_ident      | mysql-server_auditing             |  #指定ident, as part of each syslog record | server_audit_syslog_info       |                                   |   #指定的info字符串将添加到syslog记录 | server_audit_syslog_priority  | log_info                           |  #定义记录日志的syslogd  priority+-------------------------------+----------------- -----------------+16 rows in set  (0.00 SEC)

Server_audit_events, server_audit_logging and other parameters are global dynamic parameters, can be changed directly in the database.

7. This is the spring Yang the Great god provides

This article is from the "Rise" blog, please be sure to keep this source http://binbinwudi8688.blog.51cto.com/3023365/1879391

4th day One, "MariaDB" Journal Audit