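Enabling the MariaDB Audit Plugin on MySQL
1. Environment:
This article uses the audit plugin from the mariadb-10.2.17 binary package, installed into MySQL 5.7.32, as the example.
Copy (cp) the server_audit.so plugin from mariadb-10.2.17 into the MySQL server's plugin directory, /usr/local/mysql/lib/plugin:
2. Enabling the MariaDB audit plugin in MySQL
Enable dynamically:
To make it permanent, write it to the configuration file:
3. MariaDB audit plugin parameters in detail
4. Parameters for auditing MySQL DDL, DML and DCL statements in the audit log
QUERY_DML_NO_SELECT parameter: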
Similar to QUERY_DML, but doesn’t log SELECT queries. (since version 1.4.4) (DO, CALL, LOAD DATA/XML, DELETE, INSERT, UPDATE, HANDLER and REPLACE statements)
Test: only DML is audited:
Only insert, update and delete are audited; create, drop and alter statements are not recorded.
QUERY_DDL parameter:
Similar to QUERY, but filters only DDL-type queries (CREATE, ALTER, DROP, RENAME and TRUNCATE statements—except CREATE/DROP [PROCEDURE / FUNCTION / USER] and RENAME USER (they’re not DDL))
QUERY_DCL parameter:
Similar to QUERY, but filters only DCL-type queries (CREATE USER, DROP USER, RENAME USER, GRANT, REVOKE and SET PASSWORD statements)
The parameter descriptions above come from the official documentation:
https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/
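5. Demonstration of the audit log record format
6. Log content and the corresponding field format
The format of each record in the audit log file is as follows: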
[timestamp],[serverhost],[username],[host],[connectionid],[queryid],[operation],[database],[object],[retcode]
A corresponding example:
20210305 12:59:30,db-stage1.jiaody.cn,codeuser,172.17.0.206,4,28,QUERY,test0001,'drop table test_event',0
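Added example (not from the original article or the MariaDB project): a Python sketch that parses records in the format above and flags DDL/DCL statements and failed queries for review. The sample lines, hostnames and addresses are constructed; the keyword-based classification only approximates the statement classes quoted in section 4, and the parser assumes the statement is wrapped in single quotes as in the example record.

```python
import re
from collections import namedtuple

# Field order as given in the format line above.
AuditRecord = namedtuple("AuditRecord", "timestamp serverhost username host "
                         "connectionid queryid operation database object retcode")

# Statement classes as listed in the quoted QUERY_DDL / QUERY_DCL /
# QUERY_DML_NO_SELECT descriptions; matching on leading keywords is an approximation.
DCL = re.compile(r"(CREATE\s+USER|DROP\s+USER|RENAME\s+USER|GRANT|REVOKE|SET\s+PASSWORD)\b", re.I)
NOT_DDL = re.compile(r"(CREATE|DROP)\s+(PROCEDURE|FUNCTION)\b", re.I)
DDL = re.compile(r"(CREATE|ALTER|DROP|RENAME|TRUNCATE)\b", re.I)
DML = re.compile(r"(DO|CALL|LOAD\s+(DATA|XML)|DELETE|INSERT|UPDATE|HANDLER|REPLACE)\b", re.I)

def parse_line(line):
    # The statement text may contain commas, so take eight fields from the
    # left and the return code from the right; the rest is the object field.
    head = line.rstrip("\n").split(",", 8)
    if len(head) != 9:
        raise ValueError("not an audit record: %r" % line)
    obj, sep, retcode = head[8].rpartition(",")
    if not sep:
        raise ValueError("missing retcode: %r" % line)
    if len(obj) >= 2 and obj[0] == obj[-1] == "'":
        obj = obj[1:-1]  # drop the quotes wrapping the statement
    return AuditRecord(*head[:8], obj, int(retcode))

def classify(sql):
    s = sql.lstrip()
    if DCL.match(s):
        return "DCL"
    if NOT_DDL.match(s):
        return "OTHER"  # excluded from DDL per the QUERY_DDL description
    for name, rx in (("DDL", DDL), ("DML", DML)):
        if rx.match(s):
            return name
    return "OTHER"

def review(lines):
    """Return (record, class) for every DDL/DCL statement and every failed query."""
    hits = []
    for rec in map(parse_line, lines):
        kind = classify(rec.object)
        if rec.operation == "QUERY" and (kind in ("DDL", "DCL") or rec.retcode != 0):
            hits.append((rec, kind))
    return hits

# Constructed sample records (hostnames, addresses and statements are made up).
SAMPLE = [
    "20210305 12:59:30,db1.example.test,codeuser,192.0.2.10,4,28,QUERY,test0001,'drop table test_event',0",
    "20210305 13:00:02,db1.example.test,codeuser,192.0.2.10,4,29,QUERY,test0001,'insert into t1 (a, b) values (1, 2)',0",
    "20210305 13:00:10,db1.example.test,codeuser,192.0.2.10,4,30,QUERY,test0001,'grant select on test0001.* to report',1044",
    "20210305 13:00:15,db1.example.test,codeuser,192.0.2.10,4,31,QUERY,test0001,'delete from t1 where a = 1',1142",
]
```

Calling review(SAMPLE) returns the drop, the denied grant and the denied delete; the successful insert is parsed intact despite the commas in its statement text but is not flagged.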
References:
https://www.cnblogs.com/1584779745qq/p/6479522.html
https://mp.weixin.qq.com/s/vNcTb7IR_LpYlcZf_Y-aAA
https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/