MariaDB Audit Plugin - Installation Procedures

######################################
# Check the plugin library directory
######################################
MariaDB [(none)]> show global variables like 'plugin_dir';
+---------------+--------------------------+
| Variable_name | Value                    |
+---------------+--------------------------+
| plugin_dir    | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+
1 row in set (0.001 sec)

[root@MariaDB ~]# ll /usr/lib64/mysql/plugin/server_audit.so
-rwxr-xr-x. 1 root root 241312 Aug 14 12:03 /usr/lib64/mysql/plugin/server_audit.so

######################################
# Install the server_audit.so plug-in
######################################
MariaDB [(none)]> INSTALL SONAME 'server_audit';
Query OK, 0 rows affected (0.033 sec)


###########################################################
# Loading Plugin at Start-Up in /etc/my.cnf.d/server.cnf
# Use FORCE_PLUS_PERMANENT to disallow uninstallation 
# of the plugin by issuing UNINSTALL PLUGIN statement
###########################################################
[mysqld]
...
plugin_load=server_audit=server_audit.so
server_audit=FORCE_PLUS_PERMANENT
server_audit_logging=ON
server_audit_events=connect,query,table
...

######################################################################
# Restart the MariaDB server and check the Audit Plugin variables
######################################################################
[root@MariaDB ~]# systemctl restart mariadb


MariaDB [(none)]> show global variables like 'server_audit%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           | CONNECT,QUERY,TABLE   |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size | 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_incl_users       |                       |
| server_audit_logging          | ON                    |
| server_audit_mode             | 0                     |
| server_audit_output_type      | file                  |
| server_audit_query_log_limit  | 1024                  |
| server_audit_syslog_facility  | LOG_USER              |
| server_audit_syslog_ident     | mysql-server_auditing |
| server_audit_syslog_info      |                       |
| server_audit_syslog_priority  | LOG_INFO              |
+-------------------------------+-----------------------+
15 rows in set (0.005 sec)


######################################################################
# View the auditing log
######################################################################

[root@MariaDB ~]# tail -f /var/lib/mysql/server_audit.log
>>
20181109 00:03:45,MariaDB,root,localhost,9,5,QUERY,,'select @@version_comment limit 1',0
20181109 00:03:55,MariaDB,root,localhost,9,6,QUERY,,'show databases',0
20181109 00:04:14,MariaDB,root,localhost,9,7,QUERY,,'SELECT DATABASE()',0
20181109 00:04:14,MariaDB,root,localhost,9,9,QUERY,test,'show databases',0
20181109 00:06:17,MariaDB,root,localhost,9,0,DISCONNECT,test,,0
20181109 00:07:56,MariaDB,NoneExistUsr,localhost,13,0,FAILED_CONNECT,,,1045
20181109 00:07:56,MariaDB,NoneExistUsr,localhost,13,0,DISCONNECT,,,0

 

[REFERENCE]
1. https://mariadb.com/kb/en/library/mariadb-audit-plugin-installation/
2. https://mariadb.com/kb/en/library/mariadb-audit-plugin-log-settings/

arrow
arrow
    文章標籤
    MariaDB
    全站熱搜

    DanBrother 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄