MySQL audit plug-in installation instructions-the upgraded version is based on the mysql audit plug-in designed and developed earlier, and the MySQL audit plug-in installation instructions http://www.bkjia.com/database/201207/143906.html To add and describe the improved mysql audit plug-in. This section describes the newly added content in detail to further improve the audit plug-in function. The newly added content of www.2cto.com further develops and improves the MySQL audit plug-in view of the shortcomings in previous versions and incomplete functions. The new content mainly includes: 1. The audit database and data table functions are added. This function is not implemented in earlier versions. In the current version, the audit_dbs and audit_tables in the Audit options are implemented. It can audit certain databases or certain data tables, which is helpful for special applications of different application systems. In this way, we can further refine and customize the audit content in concert with the audit granularity. 2. added the function of ignoring audit users, databases, and data tables. In view of the particularity of audit applications, add neglected audit users, databases, and data tables. You can ignore Operation Records of one or more users, ignore Operation Records of one or more databases, and ignore operation records of a table. In this way, when the audit content is large and some unnecessary audit content needs to be removed from the audit, these parameters can effectively simplify the audit option configuration. The configuration file option added: the option "www.2cto.com" feature "ignore_users ignored by the user ignore_dbs ignored by the database ignore_tables ignored by the data table www.2cto.com" is described in the configuration file, similar to the audit_users, audit_dbs, and audit_tables options. When an audit user, database, or data table that is ignored conflicts with the Audit object is added, the priority of the Audit object is ignored. Example: audit_dbs = important, audit_tables = test. test, ignore_dbs = test, ignore_tables = important. test, the audit content will first ignore important. audit all operations on the test table. all operations on the test data table, and then all operations on the test database are ignored to audit the operations on important data. 3. Add database information for audit operations. Because the SQL statements operated on do not directly write to the database, the SQL statements alone cannot effectively identify the database to operate on. If different databases have the same data table, Database Audit cannot effectively track the audit content. Adding database information can effectively improve the content of SQL audit. The file output format www.2cto.com is divided into two types: Connection audit and Operation Audit. 1. The format of audit log information related to the Connection audit connection is as follows. Specific: [15:40:39]: audit time. [CONNECT]: Connection type; status: status of connection success (0) or failure (error code); user: user Name of connection; external-user: it is an external connection user and valid when using middleware or proxy services; proxy-user: the proxy service user name; host: indicates the connection host name; ip: The connected ip address; database: name of the connected database. Www.2cto.com [15:40:39] [CONNECT] status: #; thread_id: #; user: XXX; external-user: XXX; proxy-user: XXX; host: XXX; ip: ###. ###. ###. ###; database: XXX 2. The format of audit log information related to actiontrail operations is as follows. Commands related to operations include CREATE, DROP, ALTER, INSERT, UPDATE, DELETE, GRANT, REVOKE, and other operations that affect data or databases. The following uses CREATE as an example to describe in detail. Specific: [15:40:39]: audit time. Www.2cto.com [CREATE] indicates the operation type; error_code: indicates the error code of the operation; the operation succeeded is 0; thread_id: indicates the thread id of the operation to be executed; user: indicates the user name of the operation to be executed; command: the Operation Command type is defined inside the database. Data-related operations are generally Query; databases: all databases involved in SQL statements. Query: the SQL statement of the operation. Charset: the character set type of the operation. time: the time when the operation is executed. The value is a long integer since January 1, 1970. Rows: number of rows that affect data when an operation is executed. [15:40:39] [CREATE] error_code: X # thread_id: X # user: X # command: X # databases: X # query: X # charset: X # time: X # rows: X www.2cto.com data TABLE definition create table mysql. audit ('audit _ time' timestamp not null default CURRENT_TIMESTAMP, 'command' varchar (20) not null default 'null', 'status' int (11) not null default '0', 'thread _ id' bigint (32) unsigned not null default '0', 'user' varchar (20) NOT N Ull default 'null', 'external _ user' varchar (20) not null default 'null', 'proxy _ user' varchar (20) not null default 'null ', 'host' varchar (20) not null default 'null', 'IP' varchar (20) not null default 'null', 'databases' varchar (255) not null default 'null', 'query' varchar (255) not null default 'null', www.2cto.com 'charset' varchar (20) not null default 'null ', 'event _ time' timestamp NOT NULL DEF AULT '2017-00-00 00:00:00 ', 'rows 'bigint (32) not null default '0') ENGINE = csv default charset = utf8; further work 1. Check the audit parameter status. The current parameter status is dynamically displayed in show status like 'audit %. Author king_wangheng