In the MySQL database (in version 5.5), a new plug-in was added: the Audit plugin, used to audit database connections and database operations. Next we will introduce the Audit plugin in detail.
The related code is as follows:
- sql/sql_audit.cc
This file defines the interface functions of the audit plug-in.
- sql/sql_audit.h
Declares the functions and defines the function mysql_audit_general_log. This function is called when an audit is triggered.
- plugin/audit_null/audit_null.c
This is a template program that provides the interfaces defined by the most basic audit plug-in.
To implement a complete audit program, you need to include the plug-in initialization function, the main function, and the function called when the plug-in is uninstalled. Here we use audit_null.c as an example:
- static int audit_null_plugin_init(void *arg __attribute__((unused)))
This function is called when the plug-in is installed. It is mainly used for initialization, such as initializing global variables.
- static void audit_null_notify(MYSQL_THD thd, unsigned int event_class, const void *event)
This is the main function of the audit plug-in. When an event is triggered, this function is called. The parameters include:
thd: the thread that triggered this function. The THD struct contains a wealth of information, which can be used to implement many interesting functions.
event_class/event: the former indicates the event class, which determines the type of the event struct passed as the third parameter. It is defined by macros: the value MYSQL_AUDIT_GENERAL_CLASS indicates that a database operation triggered the call, and the value MYSQL_AUDIT_CONNECTION_CLASS indicates that a database connection triggered it. For different classes, different interface functions are called to trigger the audit.
- static audit_handler_t audit_handlers[] =
- {
-   general_class_handler, connection_class_handler
- };
Each of these two classes is further subdivided into several event types, which are defined in the plugin_audit.h file.
1. When a connection is initiated
- #define MYSQL_AUDIT_CONNECTION_CONNECT 0
Triggered after authentication is completed
- #define MYSQL_AUDIT_CONNECTION_DISCONNECT 1
Triggered when the connection is interrupted
- #define MYSQL_AUDIT_CONNECTION_CHANGE_USER 2
Triggered after the command COM_CHANGE_USER is executed.
The structure of the event parameter is mysql_event_connection.
2. When operating the database
- #define MYSQL_AUDIT_GENERAL_LOG 0
Triggered before being submitted to the general query log.
- #define MYSQL_AUDIT_GENERAL_ERROR 1
Triggered before an error is sent to the user
- #define MYSQL_AUDIT_GENERAL_RESULT 2
Triggered when the result set is sent to the user
- #define MYSQL_AUDIT_GENERAL_STATUS 3
Triggered when a result set is sent or an error occurs.
The structure of the event parameter is mysql_event_general.
Whichever event struct is used, the event type (one of the seven above) is recorded in it. We can write the plug-in code according to the different event types.
3. static int audit_null_plugin_deinit(void *arg __attribute__((unused)))
This function is called when the plug-in is uninstalled and can be used to release resources or close files.
4. Define the descriptor struct of the plug-in:
- struct st_mysql_audit
- {
-   int interface_version;
-   void (*release_thd)(MYSQL_THD);
-   void (*event_notify)(MYSQL_THD, unsigned int, const void *);
-   unsigned long class_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
- };
interface_version: the version. The value is MYSQL_AUDIT_INTERFACE_VERSION.
release_thd: usually set to NULL.
event_notify: the main processing function. It is called when certain events occur (audit_null_notify).
class_mask: the mask.
release_thd and event_notify can be used together. While an event is inside event_notify, the plug-in cannot be uninstalled. After the call is completed, the server calls the release_thd function. In this way, we can allocate resources in event_notify and release them uniformly in release_thd.
5. Define the status variables to specify the values displayed when SHOW STATUS is executed.
- static struct st_mysql_show_var audit_null_status[]
6. Library descriptor of the plug-in
- mysql_declare_plugin(audit_null)
- {
-   MYSQL_AUDIT_PLUGIN, /* type */
-   &audit_null_descriptor, /* descriptor */
-   "NULL_AUDIT", /* name */
-   "Oracle Corp", /* author */
-   "Simple NULL Audit", /* description */
-   PLUGIN_LICENSE_GPL,
-   audit_null_plugin_init, /* init function (when loaded) */
-   audit_null_plugin_deinit, /* deinit function (when unloaded) */
The third field, "NULL_AUDIT", is the plug-in name used when INSTALL PLUGIN is executed. If the plug-in name is inconsistent, the error that cannot be found in the library file is not reported.
Summary:
The Audit plug-in can be triggered by a variety of events. Therefore, you need to write its code carefully so that, when the server is busy, it does not add excessive overhead and affect the overall performance of the server.
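The class-then-type dispatch described for the notify function, as an added example that is not code from audit_null.c or the MySQL source. It builds without the server headers by using stand-ins: the two class values, the reduced structs ev_general and ev_connection, and the names demo_notify, seen and unknown are assumptions made for illustration, and a real plug-in would include plugin_audit.h instead.

```c
#include <stdio.h>
/* Stand-ins so this builds without server headers. Class values and the
   reduced struct layouts are assumptions; the event type values are the
   ones listed in the article. */
#define MYSQL_AUDIT_GENERAL_CLASS          0
#define MYSQL_AUDIT_CONNECTION_CLASS       1
#define MYSQL_AUDIT_GENERAL_ERROR          1
#define MYSQL_AUDIT_GENERAL_STATUS         3
#define MYSQL_AUDIT_CONNECTION_CONNECT     0
#define MYSQL_AUDIT_CONNECTION_DISCONNECT  1
#define MYSQL_AUDIT_CONNECTION_CHANGE_USER 2

struct ev_general    { unsigned int event_subclass; int general_error_code; };
struct ev_connection { unsigned int event_subclass; int status; };

/* Hypothetical counters indexed [class][event type], plus rejected events. */
static unsigned long seen[2][4];
static unsigned long unknown;

/* Same parameter shape as the notify function: event_class selects the struct. */
static void demo_notify(void *thd, unsigned int event_class, const void *event)
{
  unsigned int sub, max;
  (void) thd;
  if (event == NULL) { unknown++; return; }
  switch (event_class) {
  case MYSQL_AUDIT_GENERAL_CLASS:
    sub = ((const struct ev_general *) event)->event_subclass;
    max = MYSQL_AUDIT_GENERAL_STATUS;
    break;
  case MYSQL_AUDIT_CONNECTION_CLASS:
    sub = ((const struct ev_connection *) event)->event_subclass;
    max = MYSQL_AUDIT_CONNECTION_CHANGE_USER;
    break;
  default:
    unknown++; return;                   /* class this plug-in does not handle */
  }
  if (sub > max) { unknown++; return; }  /* validate before indexing */
  seen[event_class][sub]++;              /* constant-time work on the hot path */
}

int main(void)
{
  struct ev_general    err  = { MYSQL_AUDIT_GENERAL_ERROR, 1064 };   /* constructed */
  struct ev_connection conn = { MYSQL_AUDIT_CONNECTION_CONNECT, 0 }; /* constructed */
  demo_notify(NULL, MYSQL_AUDIT_GENERAL_CLASS, &err);
  demo_notify(NULL, MYSQL_AUDIT_CONNECTION_CLASS, &conn);
  printf("errors=%lu connects=%lu unknown=%lu\n", seen[0][1], seen[1][0], unknown);
  return 0;
}
```

The handler only increments counters, which keeps the per-event cost small on a busy server; anything heavier, such as writing to a file, is better batched outside this path.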