MySQL mariadb enable audit plugin

Last Update:2016-11-04 Source: Internet

Author: User

Tags syslog percona

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

For MySQL Percona mariadb three have their own audit plugin, but, MySQL audit plugin is only Enterprise version, but also have a lot of third-party MySQL audit plugin, and Percona and MARIADB are GPL audit plugin

First look at the MARIADB audit plugin

[[Email protected]_aolens_01 /usr/local/mysql]# mysql -uroot -p2aa263a42dd248welcome  to the mariadb monitor.  commands end with ; or \g. Your mariadb connection id is 42804server version: 10.0.14-mariadb-log  Source distributionCopyright  (c)  2000, 2014, Oracle, SkySQL Ab  And others. type  ' help; '  or  ' \h '  for help. Type  ' \c '  to clear the current input  statement. mariadb [(none)]> show variables like  '%audit% '; empty set  (0.00 sec) mariadb [(none)]> install plugin server_audit  soname  ' server_audit.so ';   #安装审计插件Query  OK, 0 rows affected  (0.18 &NBSP;SEC) mariadb [(none)]> show variables like  '%audit% '; +----------------------- --------+-----------------------+| variable_name                  | Value                  |+-------------------------------+-----------------------+|  server_audit_events           |                         | |  server_audit_excl_users       |                        | |  server_audit_file_path        | server_audit.log       | |  server_audit_file_rotate_now  | off                   | |  server_audit_file_rotate_size | 1000000                | |  server_audit_file_rotations   | 9                      | |  server_audit_incl_users       |                        | |  server_audit_logging          | OFF                    | |  server_audit_mode             | 0                      | |  server_audit_output_type      | file                   | |  server_audit_syslog_facility  | LOG_USER               | |  server_audit_syslog_ident     | mysql-server_auditing | |  server_audit_syslog_info      |                        | |  server_audit_syslog_priority  | LOG_INFO               |+-------------------------------+-----------------------+14 rows  in set  (0.00 sec) mariadb [(none)]> show variables like  ' Plugin_dir ';    # plugin address path +---------------+------------------------------+|  Variable_name | Value                         |+---------------+-------------------- ----------+| plugin_dir    | /usr/local/mysql/lib/plugin/ |+--------------- +----------------------------- +1 row in set  (0.00 sec)

If you want to permanently load, just specify the following line in the configuration file, when uninstalling the plugin will be error, the plugin will not be uninstalled until the configuration file changes

[Mysqld]plugin-load=server_audit=server_audit.soserver_audit=force_plus_permanent

Command line enable audit, fail after reboot

MariaDB [(None)]> set global server_audit_file_rotate_size=1024*1024*1024; Query OK, 0 rows affected (0.01 sec) MariaDB [(None)]> set global server_audit_events= ' query,table '; Query OK, 0 rows Affected (0.00 sec) MariaDB [(None)]> set global server_audit_file_rotate_now=on; Query OK, 0 rows Affected (0.00 sec) MariaDB [(None)]> set global server_audit_logging= ' on '; Query OK, 0 rows Affected (0.00 sec)

In order for the variables of the MySQL restart setting to still be valid, you need to add the appropriate configuration to the configuration file:

[Mysqld]

server_audit_events= ' connect,query,table '

Server_audit_logging=on

server_audit_file_rotate_size=2000000

server_audit_file_rotations=10

To view the audit log:

[Email protected]_aolens_01 ~]# tail-n 20/mydata/data/server_audit.log

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/89/BA/wKiom1ga0NKzKwTyAAMI9klcguU973.png "title=" F58759ca-37ff-41a1-a040-997b8a296b42.png "alt=" Wkiom1ga0nkzkwtyaami9klcguu973.png "/>

Parameter description:

Server_audit_output_type: Specifies the log output type, which can be a syslog or file
Server_audit_logging: Start or close an audit
Server_audit_events: Specifies the type of event to log, multiple values (connect,query,table) that can be separated by commas, and if query cache is turned on, the query returns data directly from the query cache without table records
Server_audit_file_path: If Server_audit_output_type is a file, use this variable to set the files that store the log, you can specify the directory, which is stored in the Server_audit.log file of the data directory by default.
Server_audit_file_rotate_size: Limit the size of log files
Server_audit_file_rotations: Specifies the number of log files that will never be rotated if the journal is 0 days
Server_audit_file_rotate_now: Force log file rotation
Server_audit_incl_users: Specifies which user's activity will be logged, and connect will not be affected by this variable, which is higher than the server_audit_excl_users priority
Server_audit_syslog_facility: Default is Log_user, specify facility
Server_audit_syslog_ident: Set ident as part of each syslog record
Server_audit_syslog_info: The specified info string is added to the syslog record
Server_audit_syslog_priority: Define SYSLOGD priority for logging
Server_audit_excl_users: User behavior for this list will not be logged and connect will not be affected by this setting
Server_audit_mode: Identity version for development testing

MYSQL Add audit function :

Wget https://dl.bintray.com/mcafee/mysql-audit-plugin/:audit-plugin-mariadb-10.0-1.1.0-625-linux-x86_64. Zipunzip AUDIT-PLUGIN-MARIADB-10.0-1.1.0-625-LINUX-X86_64.ZIPCD Audit-plugin-mariadb-10.0-1.1.0-625/libmysql- Uroot-p-E "show global variables like ' plugin_dir ';" Plugin_dir ', '/usr/local/mysql/lib/plugin/'

# Copy plugin to MySQL plugin directory

CP libaudit_plugin.so/usr/local/mysql/lib/plugin/'

# Install Audit Plugin

Mysql-uroot-p-E "INSTALL PLUGIN AUDIT SONAME ' libaudit_plugin.so ';"

Other configurations are the same as mariadb

mariadb Audit Plugin variable interpretation: https://mariadb.com/kb/en/mariadb/server_audit-system-variables/#server_audit_events

mariadb Audit Plugin Introduction: https://mariadb.com/kb/en/mariadb/about-the-mariadb-audit-plugin/

Audit plugin for Percona: https://www.percona.com/blog/2014/05/07/mysql-audit-plugin-now-available-in-percona-server-5-5-and-5-6/

Https://www.percona.com/doc/percona-server/5.6/management/audit_log_plugin.html

MySQL's audit plugin: https://dev.mysql.com/doc/refman/5.5/en/audit-log-installation.html

third-party MySQL audit plugin: Https://github.com/mcafee/mysql-audit

This article is from the "Aolens blocks until those" blog, be sure to keep this source http://aolens.blog.51cto.com/7021142/1868900

MySQL mariadb enable audit plugin

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More