mysql 安装maridb的审计插件

1,copy maridb的审计插件导mysql的插件目录,查看插件目录使用 show variables like '%plugin%'; 2 mysql> install plugin server_audit SONAME 'server_audit.so'; 3: 不重启mysql设置...

1,copy maridb的审计插件导mysql的插件目录,查看插件目录使用 show variables like '%plugin%'; 插件下载地址

2 mysql> install plugin server_audit SONAME 'server_audit.so';

3:

不重启mysql设置方式:


set global server_audit_events='QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL';

set global server_audit_file_path='/webdata/opt/local/mysql/misc/server_audit.log';

set global server_audit_file_rotate_size=50000000;

set global  server_audit_file_rotations=90;

set global server_audit_incl_users='chenchong';

set global server_audit_logging=ON;


#或则在配置文件的[mysqld]下增加

server_audit_events='QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL'

server_audit_file_path='/webdata/opt/local/mysql/misc/server_audit.log'

server_audit_file_rotate_size=50000000

server_audit_file_rotations=90

server_audit_incl_users='chenchong'

server_audit_logging=ON


Maridb 审计插件变量说明如下:


server_audit_events

  • Description: If set it specifies the set of types of events to log. For example: SET GLOBAL server_audit_events='connect, query'
  • Commandline: --server-audit-events=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string
  • Valid Values: CONNECT, QUERY and TABLE (QUERY_DDL, QUERY_DML added in 1.2.0 and QUERY_DCL added in 1.3.0)

server_audit_excl_users

  • Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. The user is still logged if it's specified in server_audit_incl_users.
  • Commandline: --server-audit-excl-users=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string

server_audit_file_path

  • Description: When server_audit_output_type=file, sets the path and the filename to the log file. If the specified path exists as a directory, then the log will be created inside that directory with the name 'server_audit.log'. Otherwise the value is treated as a filename. The default value is 'server_audit.log', which means this file will be created in the database directory.
  • Commandline: --server-audit-file-path=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: server_audit.log

server_audit_file_rotate_now

  • Description: When server_audit_output_type=file, the user can force the log file rotation by setting this variable to ON or 1.
  • Commandline: --server-audit-rotate-now[={0|1}]
  • Scope: Global
  • Dynamic: Yes
  • Data Type: boolean
  • Default Value: OFF

server_audit_file_rotate_size

  • Description: When server_audit_output_type=file, it limits the size of the log file. Reaching that limit turns on the rotation - the current log file is renamed as 'file_path.1'. The empty log file is created as 'file_path' to log into it. The default value is 100000.
  • Commandline: --server-audit-rotate-size=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1000000

server_audit_file_rotations

  • Description: When server_audit_output_type=file', this specifies the number of rotations to save. If set to 0 then the log never rotates. The default value is 9.
  • Commandline: --server-audit-rotations=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 9
  • Range: 0 to 999

server_audit_incl_users

  • Description: If not empty, it contains a comma-delimited list of users whose activity will be logged. For example: SET GLOBAL server_audit_incl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. This setting has higher priority than server_audit_excl_users. So if the same user is specified both in incl_ and excl_ lists, they will still be logged.
  • Commandline: --server-audit-incl-users=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string

server_audit_loc_info

  • Description: Used by plugin internals. For a user it's read-only and its value has no distinct meaning. The goal is to make it invisible over time.
  • Commandline: N/A
  • Scope: Global
  • Dynamic: No
  • Data Type: string
  • Default Value: Empty string
  • Introduced: MariaDB 5.5.48MariaDB 10.0.24MariaDB 10.1.12

server_audit_logging

  • Description: Enables/disables the logging. Expected values are ON/OFF. For example: SET GLOBAL server_audit_logging=on If the server_audit_output_type is FILE, this will actually create/open the logfile so the server_audit_file_path should be properly specified beforehand. Same about the SYSLOG-related parameters. The logging is turned off by default.
  • Commandline: --server-audit-logging[={0|1}]
  • Scope: Global
  • Dynamic: Yes
  • Data Type: boolean
  • Default Value: OFF

server_audit_mode

  • Description: This variable doesn't have any distinctive meaning for a user. Its value mostly reflects the server version with which the plugin was started and is intended to be used by developers for testing.
  • Commandline: --server-audit-mode[=#]

server_audit_output_type

  • Description: Specifies the desired output type. Can be SYSLOG or FILE. For example: SET GLOBAL server_audit_output_type=file file: log records will be saved into the rotating log file. The name of the file set by server_audit_file_path variable. syslog: log records will be sent to the local syslogd daemon with the standard <syslog.h> API. The default value is 'file'.
  • Commandline: --server-audit-output-type=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: enum
  • Default Value: file
  • Valid Values: SYSLOG or FILE

server_audit_query_log_limit

  • Description: Limit on the length of the query string in a record.
  • Commandline: --server-audit-query-log-limit=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1024
  • Range: 0 to 2147483647
  • Introduced: MariaDB 5.5.43MariaDB 10.0.18MariaDB 10.1.5

server_audit_syslog_facility

  • Description: SYSLOG-mode variable. It defines the 'facility' of the records that will be sent to the syslog. Later the log can be filtered by this parameter.
  • Commandline: --server-audit-syslog-facility=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: enum
  • Default Value: LOG_USER
  • Valid Values: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_FTP, and LOG_LOCAL0–LOG_LOCAL7.

server_audit_syslog_ident

  • Description: SYSLOG-mode variable. String value for the 'ident' part of each syslog record. Default value is 'mysql-server_auditing'. New value becomes effective only after restarting the logging.
  • Commandline: --server-audit-syslog-ident=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: mysql-server_auditing

server_audit_syslog_info

  • Description: SYSLOG-mode variable. The 'info' string to be added to the syslog records. Can be changed any time.
  • Commandline: --server-audit-syslog-info=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string

server_audit_syslog_priority

  • Description: SYSLOG-mode variable. Defines the priority of the log records for the syslogd.
  • Commandline: --server-audit-syslog-priority=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: enum
  • Default Value: LOG_INFO
  • Valid Values:LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG
  • 发表于 2017-07-27 23:10
  • 阅读 ( 56 )

你可能感兴趣的文章

相关问题

0 条评论

请先 登录 后评论
石天
石天

437 篇文章

作家榜 »

  1. shitian 662 文章
  2. 石天 437 文章
  3. 每天惠23 33 文章
  4. 小A 29 文章

石天

如果觉得我的文章对您有用,请随意打赏。你的支持将鼓励我继续创作!