mysql 5.7安装mariadb审计插件
官方文档:
https://mariadb.com/kb/en/mariadb-audit-plugin/
参考文档:https://segmentfault.com/a/1190000042056617
下载10.5版本的 mariadb ,再高的版本不适合5.7
1、下载mariadb
下载界面: https://dlm.mariadb.com/browse/mariadb_server/101/1956/bintar-linux-x86_64/ root@servername:~# wget https://dlm.mariadb.com/3708602/MariaDB/mariadb-10.5.24/bintar-linux-x86_64/mariadb-10.5.24-linux-x86_64.tar.gz root@servername:~# tar xvf mariadb-10.5.24-linux-x86_64.tar.gz root@servername:~# cp mariadb-10.5.24-linux-x86_64/lib/plugin/server_audit.so /usr/local/mysql/lib/plugin/root@servername:~# chown mysql:mysql /usr/local/mysql/lib/plugin/server_audit.so root@servername:~# chmod 755 /usr/local/mysql/lib/plugin/server_audit.so
2、登录mysql:
mysql> INSTALL PLUGIN server_audit SONAME 'server_audit.so'; Query OK, 0 rows affected (0.00 sec) mysql> show variables like '%audit%'; +-------------------------------+-----------------------+ | Variable_name | Value | +-------------------------------+-----------------------+ | server_audit_events | | | server_audit_excl_users | | | server_audit_file_path | server_audit.log | | server_audit_file_rotate_now | OFF | | server_audit_file_rotate_size | 1000000 | | server_audit_file_rotations | 9 | | server_audit_incl_users | | | server_audit_loc_info | | | server_audit_logging | OFF | | server_audit_mode | 1 | | server_audit_output_type | file | | server_audit_query_log_limit | 1024 | | server_audit_syslog_facility | LOG_USER | | server_audit_syslog_ident | mysql-server_auditing | | server_audit_syslog_info | | | server_audit_syslog_priority | LOG_INFO | +-------------------------------+-----------------------+ 16 rows in set (0.00 sec) mysql> mysql> set global server_audit_logging=on; Query OK, 0 rows affected (0.00 sec) mysql> SET GLOBAL server_audit_file_rotate_now = ON; Query OK, 0 rows affected (0.00 sec) mysql> set global server_audit_file_rotate_size=104857600; Query OK, 0 rows affected (0.00 sec) mysql> set global server_audit_file_path ='/usr/local/mysql/server_audit.log'; Query OK, 0 rows affected (0.00 sec) mysql> set global server_audit_events='connect,table,query_ddl,query_dcl,query_dml_no_select';
3、新开会话登录
oot@servername:/usr/local/mysql# tail -f server_audit.log 20240307 15:52:21,servername,root,127.0.0.1,4,0,DISCONNECT,,,0 20240307 15:52:22,servername,root,127.0.0.1,5,0,CONNECT,,,0