MySQL Audit-sql Audit Plugin

Since MySQL5.6 has started to support JSON since the beginning of the new features added to MySQL, so that the MySQL added some new plug-in support, here is to say a MySQL SQL Audit plug-in, SQL Audit plugin is not the official MySQL, it is by MacFee company based on p Ercona developed, so, in the addition of SQL audit plug-in features need to download the corresponding version of the MySQL audit plug-in (support MARIADB), as for the MySQL plug-in installation is relatively simple, remember that once said MySQL semi-synchronous replication function, One of the semi-synchronous replication is also a plug-in, need to see: http://jim123.blog.51cto.com/4763600/1903678

Here is a brief talk about MySQL SQL Audit plugin audit deployment installation Use, first, need to go to macfee official web download corresponding MYSQL/MARIADB version of the plugin, MacFee official website: https://bintray.com/mcafee /mysql-audit-plugin/release recommended to download the latest stable version, this time using the MySQL5.6

[[Email protected] src]# unzip audit-plugin-mysql-5.6-1.1.4-725-linux-x86_64.zip[[email  protected] src]# cd audit-plugin-mysql-5.6-1.1.4-725# advanced under MySQL see the path of the plugin mysql>  show variables like  '%plugin_dir% '; +---------------+------------------------------+|  variable_name | value                         |+---------------+-------------------------- ----+| plugin_dir    | /usr/local/mysql/lib/plugin/ |+---------------+----- -------------------------+1 row in set  (0.03 sec) [[email protected]  audit-plugin-mysql-5.6-1.1.4-725]# cp lib/libaudit_plugin.so /usr/local/mysql/lib/plugin/[[ Email protected] audit-plugin-mysql-5.6-1.1.4-725]# cd /usr/local/mysql/lib/plugin[[email  protected] plugin]# chown mysql:mysql libaudit_plugin.so && chmod +x libaudit_plugin.so# Modify the generic group and add permissions for the plug-in [[email protected] plugin]# mysql# re-enter MySQL to install the plugin Mysql> install plugin  audit soname  ' libaudit_plugin.so '; mysql> show global variables like   ' audit% ';mysql> set global audit_json_file = on;

This audit plug-in on the installation is good, here also need to pay extra attention to this does not shut down the audit plug-in function directly uninstall audit plug-ins, will lead to MySQL error, less secure, all of us also want to add my.cnf

plugin-load=audit=libaudit_plugin.so# This parameter is strictly prohibited on-line uninstall, write well after restart MySQL effective

In addition, add the following lines to make the audit plugin effective after MySQL restarts:

Audit_json_file=onaudit_force_record_logins=onaudit_json_file_sync=1

Here are a few parameters that need our attention:

Audit_json_file#audit function of the switch audit_json_log_file#audit the record file name, the general record files are in DataDir Audit_record_cmds#audit recorded command, the default is empty, That is, all commands can be recorded, or modified according to the actual situation, such as the record Select and INSERT statements: Audit_record_cmds=select,insertaudit_record_objs#audit records the operation of the object, the default is also empty, Record all objects here objects are referred to as MySQL libraries, such as the audit_record_objs=mysql.*,information_schema.*audit_whitelist_users# whitelist, Refers to those users whose SQL statements do not record

The last thing to say is that the SQL Audit feature that turns on MySQL is needed when necessary, otherwise it will degrade the performance of MySQL roughly about 30%, of course, if the condition is allowed to be no problem, the SQL audit recorded content in the format of JSON Audit_json_log_ File, you can use the corresponding rotation archive management when you check in

This article from "Technical essay" blog, declined reprint!

MySQL Audit-sql Audit Plugin