标签:info har iba alt nec mat extract 组合 amp
https://www.cnblogs.com/waynechou/p/mysql_audit.html#_label0
https://bintray.com/mcafee/mysql-audit-plugin/release/1.1.6-784#files
查看mysql插件目录: mysql> SHOW GLOBAL VARIABLES LIKE ‘plugin_dir‘; +---------------+------------------------+ | Variable_name | Value | +---------------+------------------------+ | plugin_dir | /opt/mysql/lib/plugin/ | +---------------+------------------------+ 1 row in set (0.00 sec) 复制下载的so文件至plugin_dir,创建日志目录 cd /opt/tools/audit-plugin-mysql-5.6-1.1.6-784/lib cp libaudit_plugin.so /opt/mysql/lib/plugin/ mkdir /home/mysql/3306/audit_log/ chown mysql.mysql /home/mysql/3306/audit_log/ 下载offset脚本,根据版本计算 wget https://raw.github.com/mcafee/mysql-audit/master/offset-extract/offset-extract.sh chmod +x offset-extract.sh [root@docker1 /opt/tools 19:42:56&&11]#./offset-extract.sh /opt/mysql/bin/mysqld //offsets for: /opt/mysql/bin/mysqld (5.6.35) {"5.6.35","c48fe13e444883af96c7f134cd0c952b", 6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516}, 配置my.cnf,在mysqld块里面加入以下内容: plugin-load=AUDIT=libaudit_plugin.so audit_offsets=6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516 audit_json_file=ON audit_json_log_file=/home/mysql/3306/audit_log/mysql-audit.json audit_record_cmds=insert,delete,update,create,drop,revoke,alter,grant,set #针对这些语句来审计 重启mysql数据库 service mysql restart 验证是否生效: SHOW GLOBAL STATUS LIKE ‘AUDIT_version‘; #查看版本 SHOW GLOBAL VARIABLES LIKE ‘audit_json_file‘; #查看是否开启
show plugins; #查看安装的插件
重要的参数说明:
1. audit_json_file #是否开启audit功能
2. audit_json_log_file #记录文件的路径和名称信息
3. audit_record_cmds #audit记录的命令,默认为记录所有命令可以设置为任意dml、dcl、ddl的组合 如:audit_record_cmds=select,insert,delete,update 还可以在线设置set global audit_record_cmds=NULL(表示记录所有命令)
4.audit_record_objs
audit记录操作的对象,默认为记录所有对象,可以用SET GLOBAL audit_record_objs=NULL设置为默认。也可以指定为下面的格式:audit_record_objs=,test.*,mysql.*,information_schema.*。
其他配置参数参考: https://github.com/mcafee/mysql-audit/wiki/Configuration
测试:
CREATE TABLE `t1` ( `id` int(10) NOT NULL AUTO_INCREMENT, `age` tinyint(4) NOT NULL DEFAULT ‘0‘, `name` varchar(30) NOT NULL DEFAULT ‘‘, PRIMARY KEY (`id`) )DEFAULT CHARSET=utf8;
INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘1‘, ‘1‘);
INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘3‘, ‘3‘);
INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘4‘, ‘4‘);
INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘5‘, ‘5‘);
update t1 set name=‘6‘ where age=‘5‘;
delete from t1 where age=‘1‘; select * from t1;
#查看审计日志
[root@docker1 /opt/tools 19:43:00&&12]#cat /home/mysql/3306/audit_log/mysql-audit.json
{"msg-type":"header","date":"1532167436580","audit-version":"1.1.6-784","audit-protocol-version":"1.0","hostname":"docker1","mysql-version":"5.6.35-log","mysql-program":"/opt/mysql/bin/mysqld","mysql-socket":"/tmp/my3306.sock","mysql-port":"3306","server_pid":"43306"} {"msg-type":"activity","date":"1532167889630","thread-id":"9","query-id":"54","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `t1` (`age`, `name`) VALUES (‘2‘, ‘2‘)"} {"msg-type":"activity","date":"1532167962813","thread-id":"8","query-id":"68","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘1‘, ‘1‘)"} {"msg-type":"activity","date":"1532167962831","thread-id":"8","query-id":"69","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘3‘, ‘3‘)"} {"msg-type":"activity","date":"1532167962849","thread-id":"8","query-id":"70","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘4‘, ‘4‘)"} {"msg-type":"activity","date":"1532167962867","thread-id":"8","query-id":"71","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES (‘5‘, ‘5‘)"} {"msg-type":"activity","date":"1532168079332","thread-id":"8","query-id":"87","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"update","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"update t1 set name=‘6‘ where age=‘5‘"} {"msg-type":"activity","date":"1532168113498","thread-id":"8","query-id":"103","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"delete","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"delete from t1 where age=‘1‘"}
标签:info har iba alt nec mat extract 组合 amp
原文地址:https://www.cnblogs.com/hanxiaohui/p/9347767.html
