MySQL审计工具Audit Plugin安装使用

环境:CentOS Linux release 7.5.1804 (Core)

本实验的审计插件均是安装在 mysql-community-server-5.7.24 的mysql上

社区版插件下载地址:https://bintray.com/mcafee/mysql-audit-plugin/release/1.1.6-784?pkgPath=%2Fmcafee%2Fmysql-audit-plugin%2Frelease#files

下载:audit-plugin-mysql-5.7-1.1.6-784-linux-x86_64.zip

解压得到两个文件:

libaudit_plugin.so

offset-extract.sh

将libaudit_plugin.so拷贝到mysql/lib/plugin/下,chmod 755 libaudit_plugin.so

使用offset-extract.sh获取本机上mysql版本对应的offsets,./offset-extract.sh mysqld

如果不后驱offsets值会出现以下报错

mysql> install plugin audit soname ‘libaudit_plugin.so’;
ERROR 1123 (HY000): Can’t initialize function ‘audit’; Plugin initialization function failed.

在my.cnf里增加以下参数

audit_json_file = on
plugin-load = AUDIT=libaudit_plugin.so
audit_record_cmds = ‘insert,delete,update,create,drop,alter,grant,truncate’
audit_json_log_file = /data/mysql/dblogs/mysql-audit.json
audit_offsets = 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13464, 148, 672