今天有個庫被人誤操作,更新時沒加條件,結果全表都更新了。所以業務人員要求添加審計。Mysql有一個插件來實現,需要單獨下載。
1)下載:https://bintray.com/mcafee/mysql-audit-plugin/release
2)解壓後將libaudit_plugin.so文件拷貝到$MYSQL_HOME/lib/plugin
3)然後安裝即可
mysql> INSTALL PLUGIN audit SONAME 'libaudit_plugin.so';
4)安裝完成後查看相關變量及狀態
mysql> show plugins;
+----------------------------+----------+--------------------+--------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+--------------------+---------+
...
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
+----------------------------+----------+--------------------+--------------------+---------+
mysql> show variables like '%audit%';
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Variable_name | Value |
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| audit_checksum | |
| audit_delay_cmds | |
| audit_delay_ms | 0 |
| audit_force_record_logins | OFF |
| audit_header_msg | ON |
| audit_json_file | OFF |
| audit_json_file_bufsize | 1 |
| audit_json_file_flush | OFF |
| audit_json_file_retry | 60 |
| audit_json_file_sync | 0 |
| audit_json_log_file | mysql-audit.json |
| audit_json_socket | OFF |
| audit_json_socket_name | /tmp/mysql.audit__home_mysql_data_3306 |
| audit_json_socket_retry | 10 |
| audit_offsets | |
| audit_offsets_by_version | ON |
| audit_password_masking_cmds | CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER |
| audit_password_masking_regex | identified(?:/\*.*?\*/|\s)*?by(?:/\*.*?\*/|\s)*?(?:password)?(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]|password(?:/\*.*?\*/|\s)*?\((?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"](?:/\*.*?\*/|\s)*?\)|password(?:/\*.*?\*/|\s)*?(?:for(?:/\*.*?\*/|\s)*?\S+?)?(?:/\*.*?\*/|\s)*?=(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]|password(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"] |
| audit_record_cmds | |
| audit_record_objs | |
| audit_uninstall_plugin | OFF |
| audit_validate_checksum | ON |
| audit_validate_offsets_extended | ON |
| audit_whitelist_cmds | |
| audit_whitelist_users | |
+---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
mysql> show status like '%audit%';
+------------------------+-----------+
| Variable_name | Value |
+------------------------+-----------+
| Audit_protocol_version | 1.0 |
| Audit_version | 1.0.8-527 |
+------------------------+-----------+
5)安裝完成後,默認不開啓審計通過上述變量做一些設置。以下這是我添加設置,一看就明白
對應下列行:1、開啓審計(0爲關閉)2、審計的日誌文件(默認在data目錄下.json文件)3、開啓日誌刷新(同mysql binlog)4、只記錄lmis和Insterface庫操作5、只記錄這些操作6、審計日誌緩衝區(最大256K)
set global audit_json_file=1;
set global audit_json_log_file='mysql-audit.log';
set global audit_json_file_flush=on;
set global audit_record_objs='lmis.*,interface.*';
set global audit_record_cmds='insert,update,delete,truncate,drop,alter,rename';
set global audit_json_file_bufsize=64*1024;
最後添加到my.cnf文件中#Audit
audit_json_file=1;
audit_json_log_file='mysql-audit.log';
audit_json_file_flush=on;
audit_record_objs='lmis.*,interface.*';
audit_record_cmds='insert,update,delete,truncate,drop,alter,rename';
audit_json_file_bufsize=64K;
說明:其它參數詳見:https://github.com/mcafee/mysql-audit/wiki/Configuration