MariaDB Audit Plugin - Installation Procedures
######################################
# Check the plugin library directory
######################################
MariaDB [(none)]> show global variables like 'plugin_dir';
+---------------+--------------------------+
| Variable_name | Value |
+---------------+--------------------------+
| plugin_dir | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+
1 row in set (0.001 sec)
[root@MariaDB ~]# ll /usr/lib64/mysql/plugin/server_audit.so
-rwxr-xr-x. 1 root root 241312 Aug 14 12:03 /usr/lib64/mysql/plugin/server_audit.so
######################################
# Install the server_audit.so plug-in
######################################
MariaDB [(none)]> INSTALL SONAME 'server_audit';
Query OK, 0 rows affected (0.033 sec)
###########################################################
# Loading Plugin at Start-Up in /etc/my.cnf.d/server.cnf
# Use FORCE_PLUS_PERMANENT to disallow uninstallation
# of the plugin by issuing UNINSTALL PLUGIN statement
###########################################################
[mysqld]
...
plugin_load=server_audit=server_audit.so
server_audit=FORCE_PLUS_PERMANENT
server_audit_logging=ON
server_audit_events=connect,query,table
...
######################################################################
# Restart the MariaDB server and check the Audit Plugin variables
######################################################################
[root@MariaDB ~]# systemctl restart mariadb
MariaDB [(none)]> show global variables like 'server_audit%';
+-------------------------------+-----------------------+
| Variable_name | Value |
+-------------------------------+-----------------------+
| server_audit_events | CONNECT,QUERY,TABLE |
| server_audit_excl_users | |
| server_audit_file_path | server_audit.log |
| server_audit_file_rotate_now | OFF |
| server_audit_file_rotate_size | 1000000 |
| server_audit_file_rotations | 9 |
| server_audit_incl_users | |
| server_audit_logging | ON |
| server_audit_mode | 0 |
| server_audit_output_type | file |
| server_audit_query_log_limit | 1024 |
| server_audit_syslog_facility | LOG_USER |
| server_audit_syslog_ident | mysql-server_auditing |
| server_audit_syslog_info | |
| server_audit_syslog_priority | LOG_INFO |
+-------------------------------+-----------------------+
15 rows in set (0.005 sec)
######################################################################
# View the auditing log
######################################################################
[root@MariaDB ~]# tail -f /var/lib/mysql/server_audit.log
>>
20181109 00:03:45,MariaDB,root,localhost,9,5,QUERY,,'select @@version_comment limit 1',0
20181109 00:03:55,MariaDB,root,localhost,9,6,QUERY,,'show databases',0
20181109 00:04:14,MariaDB,root,localhost,9,7,QUERY,,'SELECT DATABASE()',0
20181109 00:04:14,MariaDB,root,localhost,9,9,QUERY,test,'show databases',0
20181109 00:06:17,MariaDB,root,localhost,9,0,DISCONNECT,test,,0
20181109 00:07:56,MariaDB,NoneExistUsr,localhost,13,0,FAILED_CONNECT,,,1045
20181109 00:07:56,MariaDB,NoneExistUsr,localhost,13,0,DISCONNECT,,,0
[REFERENCE]
1. https://mariadb.com/kb/en/library/mariadb-audit-plugin-installation/
2. https://mariadb.com/kb/en/library/mariadb-audit-plugin-log-settings/
留言列表
{{ article.title }}