点击上方“IT那活儿”公众号,关注后了解更多内容,不管IT什么活儿,干就完了!!!
本文以MariaDB Audit Plugin为例进行说明。
本次使用MySQL社区版5.7.28版本数据库,MariaDB Audit Plugin 1.4.4版本。
mysql> INSTALL PLUGIN server_audit SONAME 'server_audit.so';
server_audit_events
Description: If set, then this restricts audit logging to certain event types. If not set, then every event type is logged to the audit log. For example: SET GLOBAL server_audit_events='connect, query' Commandline: --server-audit-events=value Scope: Global Dynamic: Yes Data Type: string Default Value: Empty string Valid Values: CONNECT, QUERY, TABLE (MariaDB Audit Plugin < 1.2.0) CONNECT, QUERY, TABLE, QUERY_DDL, QUERY_DML (MariaDB Audit Plugin >= 1.2.0) CONNECT, QUERY, TABLE, QUERY_DDL, QUERY_DML, QUERY_DCL (MariaDB Audit Plugin >=1.3.0) CONNECT, QUERY, TABLE, QUERY_DDL, QUERY_DML, QUERY_DCL, QUERY_DML_NO_SELECT (MariaDB Audit Plugin >= 1.4.4) See MariaDB Audit Plugin - Versions to determine which MariaDB releases contain each MariaDB Audit Plugin versions.
Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. The user is still logged if it's specified in server_audit_incl_users. Commandline: --server-audit-excl-users=value Scope: Global Dynamic: Yes Data Type: string Default Value: Empty string Size limit: 1024 characters
Description: When server_audit_output_type=file, sets the path and the filename to the log file. If the specified path exists as a directory, then the log will be created inside that directory with the name 'server_audit.log'. Otherwise the value is treated as a filename. The default value is 'server_audit.log', which means this file will be created in the database directory. Commandline: --server-audit-file-path=value Scope: Global Dynamic: Yes Data Type: string Default Value: server_audit.log
Description: When server_audit_output_type=file, the user can force the log file rotation by setting this variable to ON or 1. Commandline: --server-audit-rotate-now[={0|1}] Scope: Global Dynamic: Yes Data Type: boolean Default Value: OFF
Description: When server_audit_output_type=file, it limits the size of the log file to the given amount of bytes. Reaching that limit turns on the rotation - the current log file is renamed as 'file_path.1'. The empty log file is created as 'file_path' to log into it. The default value is 1000000. Commandline: --server-audit-rotate-size=# Scope: Global Dynamic: Yes Data Type: numeric Default Value: 1000000 Range: 100 to 9223372036854775807
Description: When server_audit_output_type=file', this specifies the number of rotations to save. If set to 0 then the log never rotates. The default value is 9. Commandline: --server-audit-rotations=# Scope: Global Dynamic: Yes Data Type: numeric Default Value: 9 Range: 0 to 999
Description: If not empty, it contains a comma-delimited list of users whose activity will be logged. For example: SET GLOBAL server_audit_incl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. This setting has higher priority than server_audit_excl_users. So if the same user is specified both in incl_ and excl_ lists, they will still be logged. Commandline: --server-audit-incl-users=value Scope: Global Dynamic: Yes Data Type: string Default Value: Empty string Size limit: 1024 characters
Description: Used by plugin internals. It has no useful meaning to users. In earlier versions, users see it as a read-only variable. In later versions, it is hidden from the user. Commandline: N/A Scope: Global Dynamic: No Data Type: string Default Value: Empty string Introduced: MariaDB 10.1.12, MariaDB 10.0.24, MariaDB 5.5.48 Hidden: MariaDB 10.1.18, MariaDB 10.0.28, MariaDB 5.5.53
Description: Enables/disables the logging. Expected values are ON/OFF. For example: SET GLOBAL server_audit_logging=on If the server_audit_output_type is FILE, this will actually create/open the logfile so the server_audit_file_path should be properly specified beforehand. Same about the SYSLOG-related parameters. The logging is turned off by default. Commandline: --server-audit-logging[={0|1}] Scope: Global Dynamic: Yes Data Type: boolean Default Value: OFF
Description: This variable doesn't have any distinctive meaning for a user. Its value mostly reflects the server version with which the plugin was started and is intended to be used by developers for testing. Commandline: --server-audit-mode[=#] Scope: Global Dynamic: Yes Data Type: numeric Default Value: 0 Range: 0 to 1
Description: Specifies the desired output type. Can be SYSLOG, FILE or null as no output. For example: SET GLOBAL server_audit_output_type=file file: log records will be saved into the rotating log file. The name of the file set by server_audit_file_path variable. syslog: log records will be sent to the local syslogd daemon with the standard <syslog.h> API. The default value is 'file'. Commandline: --server-audit-output-type=value Scope: Global Dynamic: Yes Data Type: enum Default Value: file Valid Values: SYSLOG, FILE
Description: Limit on the length of the query string in a record. Commandline: --server-audit-query-log-limit=# Scope: Global Dynamic: Yes Data Type: numeric Default Value: 1024 Range: 0 to 2147483647
Description: SYSLOG-mode variable. It defines the 'facility' of the records that will be sent to the syslog. Later the log can be filtered by this parameter. Commandline: --server-audit-syslog-facility=value Scope: Global Dynamic: Yes Data Type: enum Default Value: LOG_USER Valid Values: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_FTP, and LOG_LOCAL0–LOG_LOCAL7.
Description: SYSLOG-mode variable. String value for the 'ident' part of each syslog record. Default value is 'mysql-server_auditing'. New value becomes effective only after restarting the logging. Commandline: --server-audit-syslog-ident=value Scope: Global Dynamic: Yes Data Type: string Default Value: mysql-server_auditing
Description: SYSLOG-mode variable. The 'info' string to be added to the syslog records. Can be changed any time. Commandline: --server-audit-syslog-info=value Scope: Global Dynamic: Yes Data Type: string Default Value: Empty string
Description: SYSLOG-mode variable. Defines the priority of the log records for the syslogd. Commandline: --server-audit-syslog-priority=value Scope: Global Dynamic: Yes Data Type: enum Default Value: LOG_INFO Valid Values:LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG
server_audit
Description: Controls how the server should treat the plugin when the server starts up. OFF - Disables the plugin without removing it from the mysql.plugins table. ON - Enables the plugin. If the plugin cannot be initialized, then the server will still continue starting up, but the plugin will be disabled. FORCE - Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error. FORCE_PLUS_PERMANENT - Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error. In addition, the plugin cannot be uninstalled with UNINSTALL SONAME or UNINSTALL PLUGIN while the server is running. Valid values are: See MariaDB Audit Plugin - Installation: Prohibiting Uninstallation for more information on one use case. See Plugin Overview: Configuring Plugin Activation at Server Startup for more information. Commandline: --server-audit=val Data Type: enumerated Default Value: ON Valid Values: OFF, ON, FORCE, FORCE_PLUS_PERMANENT
https://mariadb.com/kb/en/mariadb-audit-plugin-options-and-system-variables/
测试:
卸载:
mysql> UNINSTALL PLUGIN server_audit;
mysql> show variables like '%audit%';
Empty set (0.00 sec)
[mysqld]
server_audit=FORCE_PLUS_PERMANENT
mysql> UNINSTALL PLUGIN server_audit;
ERROR 1702 (HY000): Plugin 'server_audit' is force_plus_permanent and can not be unloaded
本文作者:四条眉毛(上海新炬中北团队)
本文来源:“IT那活儿”公众号
文章转载自IT那活儿,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
