MySQL mariadb enable audit plugin

For MySQL Percona mariadb three have their own audit plugin, but, MySQL audit plugin is only Enterprise version, but also have a lot of third-party MySQL audit plugin, and Percona and MARIADB are GPL audit plugin

First look at the MARIADB audit plugin

[[Email protected]_aolens_01 /usr/local/mysql]# mysql -uroot -p2aa263a42dd248welcome  to the mariadb monitor.  commands end with ; or \g. Your mariadb connection id is 42804server version: 10.0.14-mariadb-log  Source distributionCopyright  (c)  2000, 2014, Oracle, SkySQL Ab  And others. type  ' help; '  or  ' \h '  for help. Type  ' \c '  to clear the current input  statement. mariadb [(none)]> show variables like  '%audit% '; empty set  (0.00 sec) mariadb [(none)]> install plugin server_audit  soname  ' server_audit.so ';   #安装审计插件Query  OK, 0 rows affected  (0.18  SEC) mariadb [(none)]> show variables like  '%audit% '; +----------------------- --------+-----------------------+| variable_name                  | Value                  |+-------------------------------+-----------------------+|  server_audit_events           |                         | |  server_audit_excl_users       |                        | |  server_audit_file_path        | server_audit.log       | |  server_audit_file_rotate_now  | off                   | |  server_audit_file_rotate_size | 1000000                | |  server_audit_file_rotations   | 9                      | |  server_audit_incl_users       |                        | |  server_audit_logging          | OFF                    | |  server_audit_mode             | 0                      | |  server_audit_output_type      | file                   | |  server_audit_syslog_facility  | LOG_USER               | |  server_audit_syslog_ident     | mysql-server_auditing | |  server_audit_syslog_info      |                        | |  server_audit_syslog_priority  | LOG_INFO               |+-------------------------------+-----------------------+14 rows  in set  (0.00 sec) mariadb [(none)]> show variables like  ' Plugin_dir ';    # plugin address path +---------------+------------------------------+|  Variable_name | Value                         |+---------------+-------------------- ----------+| plugin_dir    | /usr/local/mysql/lib/plugin/ |+--------------- +----------------------------- +1 row in set  (0.00 sec)

If you want to permanently load, just specify the following line in the configuration file, when uninstalling the plugin will be error, the plugin will not be uninstalled until the configuration file changes

[Mysqld]plugin-load=server_audit=server_audit.soserver_audit=force_plus_permanent

Command line enable audit, fail after reboot

MariaDB [(None)]> set global server_audit_file_rotate_size=1024*1024*1024; Query OK, 0 rows affected (0.01 sec) MariaDB [(None)]> set global server_audit_events= ' query,table '; Query OK, 0 rows Affected (0.00 sec) MariaDB [(None)]> set global server_audit_file_rotate_now=on; Query OK, 0 rows Affected (0.00 sec) MariaDB [(None)]> set global server_audit_logging= ' on '; Query OK, 0 rows Affected (0.00 sec)

In order for the variables of the MySQL restart setting to still be valid, you need to add the appropriate configuration to the configuration file:

[Mysqld]

server_audit_events= ' connect,query,table '

Server_audit_logging=on

server_audit_file_rotate_size=2000000

server_audit_file_rotations=10

To view the audit log:

[Email protected]_aolens_01 ~]# tail-n 20/mydata/data/server_audit.log

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/89/BA/wKiom1ga0NKzKwTyAAMI9klcguU973.png "title=" F58759ca-37ff-41a1-a040-997b8a296b42.png "alt=" Wkiom1ga0nkzkwtyaami9klcguu973.png "/>

Parameter description:

• Server_audit_output_type: Specifies the log output type, which can be a syslog or file

• Server_audit_logging: Start or close an audit

• Server_audit_events: Specifies the type of event to log, multiple values (connect,query,table) that can be separated by commas, and if query cache is turned on, the query returns data directly from the query cache without table records

• Server_audit_file_path: If Server_audit_output_type is a file, use this variable to set the files that store the log, you can specify the directory, which is stored in the Server_audit.log file of the data directory by default.

• Server_audit_file_rotate_size: Limit the size of log files

• Server_audit_file_rotations: Specifies the number of log files that will never be rotated if the journal is 0 days

• Server_audit_file_rotate_now: Force log file rotation

• Server_audit_incl_users: Specifies which user's activity will be logged, and connect will not be affected by this variable, which is higher than the server_audit_excl_users priority

• Server_audit_syslog_facility: Default is Log_user, specify facility

• Server_audit_syslog_ident: Set ident as part of each syslog record

• Server_audit_syslog_info: The specified info string is added to the syslog record

• Server_audit_syslog_priority: Define SYSLOGD priority for logging

• Server_audit_excl_users: User behavior for this list will not be logged and connect will not be affected by this setting

• Server_audit_mode: Identity version for development testing

MYSQL Add audit function :

Wget https://dl.bintray.com/mcafee/mysql-audit-plugin/:audit-plugin-mariadb-10.0-1.1.0-625-linux-x86_64. Zipunzip AUDIT-PLUGIN-MARIADB-10.0-1.1.0-625-LINUX-X86_64.ZIPCD Audit-plugin-mariadb-10.0-1.1.0-625/libmysql- Uroot-p-E "show global variables like ' plugin_dir ';" Plugin_dir ', '/usr/local/mysql/lib/plugin/'

# Copy plugin to MySQL plugin directory

CP libaudit_plugin.so/usr/local/mysql/lib/plugin/'

# Install Audit Plugin

Mysql-uroot-p-E "INSTALL PLUGIN AUDIT SONAME ' libaudit_plugin.so ';"

Other configurations are the same as mariadb

mariadb Audit Plugin variable interpretation: https://mariadb.com/kb/en/mariadb/server_audit-system-variables/#server_audit_events

mariadb Audit Plugin Introduction: https://mariadb.com/kb/en/mariadb/about-the-mariadb-audit-plugin/

Audit plugin for Percona: https://www.percona.com/blog/2014/05/07/mysql-audit-plugin-now-available-in-percona-server-5-5-and-5-6/

Https://www.percona.com/doc/percona-server/5.6/management/audit_log_plugin.html

MySQL's audit plugin: https://dev.mysql.com/doc/refman/5.5/en/audit-log-installation.html

third-party MySQL audit plugin: Https://github.com/mcafee/mysql-audit

This article is from the "Aolens blocks until those" blog, be sure to keep this source http://aolens.blog.51cto.com/7021142/1868900

MySQL mariadb enable audit plugin