189 8069 5689

PerconaAuditLogPlugin实现对mysql审计的操作步骤

下文给大家带来有关Percona Audit Log Plugin实现对MySQL 审计的操作步骤内容,相信大家一定看过类似的文章。我们给大家带来的有何不同呢?一起来看看正文部分吧,相信看完Percona Audit Log Plugin实现对mysql 审计的操作步骤你一定会有所收获。

创新互联坚持“要么做到,要么别承诺”的工作理念,服务领域包括:网站建设、做网站、企业官网、英文网站、手机端网站、网站推广等服务,满足客户于互联网时代的怀宁网站设计、移动媒体设计的需求,帮助企业找到有效的互联网解决方案。努力成为您成熟可靠的网络建设合作伙伴!

Percona Audit Log Plugin提供对特定云服务器上执行的连接和查询活动的监视和记录。 有关活动的信息将存储在XML日志文件中,其中每个事件将具有其NAME字段,其自己的唯一RECORD_ID字段和TIMESTAMP字段。 此实现是MySQL Enterprise Audit Log Plugin的替代审计日志插件生成以下事件的日志:Audit  -  Audit事件表示审计日志记录已开始或已完成。 记录开始时NAME字段为Audit,日志记录完成时为NoAudit。 审计记录还包括云服务器版本和命令行参数。

"NAME"="Audit"
"RECORD"="1_2014-04-29T09:29:40"
"TIMESTAMP"="2014-04-29T09:29:40 UTC"
"MYSQL_VERSION"="5.6.17-65.0-655.trusty"
"STARTUP_OPTIONS"="--basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306"
"OS_VERSION"="x86_64-debian-linux-gnu",
/>
Connect/Disconnect - Connect record event will have NAME field Connect when user logged in or login failed, or Quit when connection is closed. Additional fields for this event are CONNECTION_ID, STATUS, USER, PRIV_USER, OS_LOGIN, PROXY_USER, HOST, and IP. STATUS will be 0 for successful logins and non-zero for failed logins.
Example of the Disconnect event:

"NAME"="Quit"
"RECORD"="24_2014-04-29T09:29:40"
"TIMESTAMP"="2014-04-29T10:20:13 UTC"
"CONNECTION_ID"="49"
"STATUS"="0"
"USER"=""
"PRIV_USER"=""
"OS_LOGIN"=""
"PROXY_USER"=""
"HOST"=""
"IP"=""
"DB"=""
/>

1,安装:

审核日志插件随Percona Server一起提供,但默认情况下不会安装。要启用该插件,您必须运行以下命令

INSTALL PLUGIN audit_log SONAME 'audit_log.so';

验证插件是否安装成功

SHOW PLUGINS;

+--------------------------------+----------+--------------------+--------------+---------+
| Name                           | Status   | Type               | Library      | License |
+--------------------------------+----------+--------------------+--------------+---------+
...
| audit_log                      | ACTIVE   | AUDIT              | audit_log.so | GPL     |
+--------------------------------+----------+--------------------+--------------+---------+

2,日志格式:

审核日志插件支持四种日志格式:OLD,NEW,JSON和CSV。 OLD和NEW格式基于XML,前者将日志记录属性输出为XML属性,后者输出为XML标记。 记录的信息在所有四种格式中都是相同的。 日志格式选择由audit_log_format变量控制。


Quit
10902_2014-04-28T11:02:54
2014-04-28T11:02:59 UTC
36
0







3,实战:
以下示例显示添加将受监控的用户

mysql> SET GLOBAL audit_log_include_accounts = 'user1@localhost,root@localhost';
Query OK, 0 rows affected (0.00 sec)
If you you try to add users to both include and exclude lists server will show you the following error:

mysql> SET GLOBAL audit_log_exclude_accounts = 'user1@localhost,root@localhost';
ERROR 1231 (42000): Variable 'audit_log_exclude_accounts' can't be set to the value of 'user1@localhost,root@localhost'
To switch from filtering by included user list to the excluded one or back, first set the currently active filtering variable to NULL:

mysql> SET GLOBAL audit_log_include_accounts = NULL;
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL audit_log_exclude_accounts = 'user1@localhost,root@localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL audit_log_exclude_accounts = "'user'@'host'";
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL audit_log_exclude_accounts = '''user''@''host''';
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL audit_log_exclude_accounts = '\'user\'@\'host\'';
Query OK, 0 rows affected (0.00 sec)
To see what users are currently in the on the list you can run:

mysql> SELECT @@audit_log_exclude_accounts;
+------------------------------+
| @@audit_log_exclude_accounts |
+------------------------------+
| 'user'@'host'                |
+------------------------------+
1 row in set (0.00 sec)

--备注:监控的用户名必须和mysql.user里用户名一致,不然不生效

NAME="Connect"
RECORD="4971917_2016-08-22T09:09:10"
TIMESTAMP="2016-08-22T09:12:21 UTC"
CONNECTION_ID="6"
STATUS="0"
USER="user1" ;; this is a 'user' part of account in 5.7
PRIV_USER="user1"
OS_LOGIN=""
PROXY_USER=""
HOST="localhost" ;; this is a 'host' part of account in 5.7
IP=""
DB=""
/>

过渡掉user1(排除user1)

SET GLOBAL audit_log_exclude_accounts = 'user1@%';

对于上文关于Percona Audit Log Plugin实现对mysql 审计的操作步骤,大家觉得是自己想要的吗?如果想要了解更多相关,可以继续关注我们的行业资讯板块。


本文名称:PerconaAuditLogPlugin实现对mysql审计的操作步骤
链接分享:http://jkwzsj.com/article/iphceo.html

其他资讯