MySQL 添加審計功能

MySQL社區版沒有自帶的設計功能或插件。調研發現MariaDB的audit plugin 同樣適用於MySQL，支持更細粒度的審計，比如只審計DDL操作，滿足我們的需求。因為最近測試環境的某表結構經常性的被變更且數據被清空的情況，所以引入MariaDB的插件對DDL進行審計

MariaDB audit plugin 官網

MariaDB audit plugin 下載地址

查看MySQL的插件路徑

mysql> show global variables like '%plugin%';
+---------------+------------------------------+
| Variable_name | Value                        |
+---------------+------------------------------+
| plugin_dir    | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.00 sec)

mysql> select version();
+------------+
| version()  |
+------------+
| 5.6.33-log |
+------------+
1 row in set (0.00 sec)

我選擇下載的插件版本文件為 server_audit-1.4.0.tar.gz

解壓后將插件文件server_audit.so拷貝到MySQL的插件文件目錄下

安裝

mysql> INSTALL PLUGIN server_audit SONAME 'server_audit.so';
Query OK, 0 rows affected (0.02 sec)
#在線安裝加載插件重啟后會失效，可以在配置文件中配置
[mysqld] 
...
plugin_load=server_audit=server_audit.so

配置審計項

# 安裝完之后相關的配置項有
SHOW GLOBAL VARIABLES LIKE 'server_audit%';

+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           | CONNECT,QUERY,TABLE   |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size | 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_incl_users       |                       |
| server_audit_logging          | ON                    |
| server_audit_mode             | 0                     |
| server_audit_output_type      | file                  |
| server_audit_query_log_limit  | 1024                  |
| server_audit_syslog_facility  | LOG_USER              |
| server_audit_syslog_ident     | mysql-server_auditing |
| server_audit_syslog_info      |                       |
| server_audit_syslog_priority  | LOG_INFO              |
+-------------------------------+-----------------------+

根據我們的需求設置

mysql> set global server_audit_events='query_ddl,table';        
Query OK, 0 rows affected (0.00 sec)

mysql> set global server_audit_logging=on;
Query OK, 0 rows affected (0.00 sec)

設置完之后關於ddl的審計日志如

20180416 11:25:22,mysql-5.6.dev.yz,root,localhost,34950852,21554,QUERY,test,'truncate table t1',0

關於server_audit_events可選的參數有connect：會記錄所有的連接，包括失敗的以及關閉連接的日志，如日志中記錄的，但是對我們來說不關心這些

[root@mysql-5.6.dev.yz 3306_develop]# tailf server_audit.log             
20180416 11:22:42,mysql-5.6.dev.yz,root,10.211.253.104,34950731,0,CONNECT,test,,0
20180416 11:22:48,mysql-5.6.dev.yz,admin,10.211.253.153,34950655,0,DISCONNECT,test,,0
20180416 11:22:48,mysql-5.6.dev.yz,admin,10.211.253.153,34950732,0,CONNECT,test,,0
20180416 11:22:49,mysql-5.6.dev.yz,admin,10.211.253.101,34950664,0,DISCONNECT,test,,0