mysql-audit.json:Mysql审计日志
插件下载地址:
https://bintray.com/mcafee/mysql-audit-plugin/release/1.1.4-725#files
首先查看mysql的插件保存目录:
mysql> show global variables like 'plugin_dir'; +---------------+------------------------------+ | Variable_name | Value | +---------------+------------------------------+ | plugin_dir | /usr/local/mysql/lib/plugin/ | +---------------+------------------------------+ 1 row in set (0.01 sec)
解压缩:
unzip audit-plugin-mysql-5.7-1.1.4-725-linux-x86_64.zip
把so文件复制到上面的目录下:
cp audit-plugin-mysql-5.7-1.1.4-725/lib/libaudit_plugin.so /usr/local/mysql/lib/plugin/ chmod +x /usr/local/mysql/lib/plugin/libaudit_plugin.so
查看安装后的插件版本:
mysql> show global status like 'AUDIT_version'; +---------------+-----------+ | Variable_name | Value | +---------------+-----------+ | Audit_version | 1.1.4-725 | +---------------+-----------+ 1 row in set (0.01 sec)
修改/etc/my.cnf,添加下面的配置并重启mysql
plugin-load=AUDIT=libaudit_plugin.so audit_json_file=ON audit_record_cmds=connect,Quit,show,select,insert,update,delete audit_whitelist_users=xxx
plugin-load=AUDIT=libaudit_plugin.so:防止删除了插件,重启后又会加载
audit_json_file=ON:json日志文件ON | OFF,保证mysql重启后自动启动插件
audit_record_cmds=connect,Quit,show,select,insert,update,delete:要记录哪些命令语句,用于记录到审计跟踪的命令
audit_whitelist_users=xxx:审计白名单用户,以逗号为分隔符
audit_whitelist_cmds:审计命令白名单,以逗号为分隔符
详细的参数说明,可以直接访问官方说明:
https://github.com/mcafee/mysql-audit/wiki/Configuration