Plugin Source Address
Https://github.com/mcafee/mysql-audit
Plug-in Installation method
Https://github.com/mcafee/mysql-audit/wiki/Installation
Plug - ins
https://bintray.com/mcafee/mysql-audit-plugin/release/1.0.9-585
1. View MySQL Plugin storage directory
Mysql> SHOW GLOBAL VARIABLES like ' plugin_dir ';
+---------------+-----------------------------------+
| variable_name | Value |
+---------------+-----------------------------------+
| Plugin_dir | /usr/local/mysql/lib/plugin/|
+---------------+-----------------------------------+
1 row in Set (0.01 sec)
2. Copy libaudit_plugin.so to MySQL plugin directory
MV libaudit_plugin.so/usr/local/mysql/lib/plugin/
chmod a+x/usr/local/mysql/lib/plugin/*
Chown mysql:mysql/usr/local/mysql/lib/plugin/*
3, install the plug-in
Initial use of the online installation, but the installation failed
mysql> INSTALL PLUGIN AUDIT SONAME ' libaudit_plugin.so ';
ERROR 1524 (HY000): Plugin ' AUDIT ' is not loaded
Then use the Modify configuration and then restart the database, the official recommendation is to use the modified configuration method to install.
Note:on production systems, McAfee recommends using the Plugin-load option for installing the audit plugin.
Modify the My.cnf file to add the load audit plug-in code
Plugin-load=audit=libaudit_plugin.so
Audit_json_file=on
Audit_force_record_logins=on
Audit_json_file_sync=1
Restart database
/etc/init.d/mysql.server restart
4. View plug-in status
Mysql> Show plugins;
+----------------------------+----------+--------------------+--------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+--------------------+---------+
| Binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Mysql_native_password | ACTIVE | Authentication | NULL | GPL |
| Mysql_old_password | ACTIVE | Authentication | NULL | GPL |
| Sha256_password | ACTIVE | Authentication | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Mrg_myisam | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Federated | DISABLED | STORAGE ENGINE | NULL | GPL |
| Performance_schema | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Blackhole | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Innodb_trx | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_locks | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_lock_waits | ACTIVE | Information SCHEMA | NULL | GPL |
| innodb_cmp | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_cmp_reset | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_cmpmem | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_cmpmem_reset | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_cmp_per_index | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_cmp_per_index_reset | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_buffer_page | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_buffer_page_lru | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_buffer_pool_stats | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_metrics | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_ft_default_stopword | ACTIVE | Information SCHEMA | NULL | GPL |
| innodb_ft_deleted | ACTIVE | Information SCHEMA | NULL | GPL |
| innodb_ft_being_deleted | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_ft_config | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_ft_index_cache | ACTIVE | Information SCHEMA | NULL | GPL |
| innodb_ft_index_table | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_tables | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_tablestats | ACTIVE | Information SCHEMA | NULL | GPL |
| innodb_sys_indexes | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_columns | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_fields | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_foreign | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_foreign_cols | ACTIVE | Information SCHEMA | NULL | GPL |
| innodb_sys_tablespaces | ACTIVE | Information SCHEMA | NULL | GPL |
| Innodb_sys_datafiles | ACTIVE | Information SCHEMA | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
+----------------------------+----------+--------------------+--------------------+---------+
All rows in Set (0.00 sec)
5, view the configuration parameters of the plug-in
Mysql> show global VARIABLES like '%audit% ';
+---------------------------------+---------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------+
| variable_name | Value |
+---------------------------------+---------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------+
| Audit_checksum | |
| Audit_delay_cmds | |
| Audit_delay_ms | 0 |
| Audit_force_record_logins | On |
| audit_header_msg | On |
| Audit_json_file | On |
| Audit_json_file_bufsize | 1 |
| Audit_json_file_flush | OFF |
| Audit_json_file_retry | 60 |
| Audit_json_file_sync | 1 |
| Audit_json_log_file | Mysql-audit.json |
| Audit_json_socket | OFF |
| Audit_json_socket_name | /tmp/mysql.audit__data_mysql_3306_datadir_mysqldata_3306 |
| Audit_json_socket_retry | 10 |
| Audit_offsets | |
| audit_offsets_by_version | On |
| Audit_password_masking_cmds | Create_user,grant,set_option,slave_start,create_server,alter_server,change_master |
| Audit_password_masking_regex | Identified (?:/ \*.*?\*/|\s) *?by (?:/ \*.*?\*/|\s) *? (?:p assword)? (?:/ \*.*?\*/|\s) *? [' | '] (? <psw>.*?) (? <!\\) [' | ']| Password (?:/ \*.*?\*/|\s) *?\ ((?:/ \*.*?\*/|\s) *? [' | '] (? <psw>.*?) (? <!\\) [' | '] (?:/ \*.*?\*/|\s) *?\) |password (?:/ \*.*?\*/|\s) *? (?: for (?:/ \*.*?\*/|\s) *?\s+?)? (?:/ \*.*?\*/|\s) *?= (?:/ \*.*?\*/|\s) *? [' | '] (? <psw>.*?) (? <!\\) [' | ']| Password (?:/ \*.*?\*/|\s) *? [' | '] (? <psw>.*?) (? <!\\) [' | '] |
| Audit_record_cmds | |
| Audit_record_objs | |
| Audit_uninstall_plugin | OFF |
| Audit_validate_checksum | On |
| audit_validate_offsets_extended | On |
| Audit_whitelist_cmds | Begin,commit |
| Audit_whitelist_users | |
+---------------------------------+---------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------+
Rows in Set (0.01 sec)
6. Verification Audit
[Email protected]_166_132 mysqldata]# Tailf/data/mysql/mysql-audit.json
{"Msg-type": "Activity", "date": "1480659848340", "Thread-id": "4", "Query-id": "A", "User": "Root", "Priv_user": "Root" , "host": "", "IP": "127.0.0.1", "cmd": "Show_variables", "objects": [{"DB": "Information_schema", "name": "/tmp/#sql_ 6a75_0 "," Obj_type ":" TABLE "}]," Query ":" SHOW GLOBAL VARIABLES like ' Plugin_dir ' "}
{"Msg-type": "Activity", "date": "1480659883722", "Thread-id": "4", "Query-id": "$", "user": "Root", "Priv_user": "Root" , "host": "", "IP": "127.0.0.1", "cmd": "Show_plugins", "objects": [{"DB": "Information_schema", "name": "/tmp/#sql_6a75_ 0 "," obj_type ":" TABLE "}]," Query ":" Show Plugins "}
7. Close the audit
Mysql> set GLOBAL Audit_json_file=off;
Query OK, 0 rows affected (0.01 sec)
8. Disable Plugins
mysql> UNINSTALL PLUGIN AUDIT;
ERROR 1148 (42000): Uninstall AUDIT plugin disabled
Online disable failed, take modification configuration file, restart mode modification.
MySQL add McAfee audit plugin