为了方便查看和理解,把MariaDB官网关于server_audit插件的一些参数说明跟一个中文博客的内容杂糅在一起。
官网地址:https://mariadb.com/kb/en/library/mariadb-audit-plugin-system-variables/
中文博文:http://blog.51cto.com/daisywei/1905207
server_audit插件
用途:审计mysql5.6版本以上或者MariaDB数据的用户操作行为
有以下系统参数作为审计功能配置使用:
server_audit_output_type:指定日志输出类型,可为SYSLOG或FILE
Description: Specifies the desired output type. Can be SYSLOG or FILE. For example: SET GLOBAL server_audit_output_type=file file: log records will be saved into the rotating log file. The name of the file set by server_audit_file_path variable. syslog: log records will be sent to the local syslogd daemon with the standard <syslog.h> API. The default value is 'file'.
Commandline: --server-audit-output-type=value
Scope(作用范围): Global
Dynamic(值是否动态): Yes
Data Type: enum(枚举类型)
Default Value: file
Valid Values: SYSLOG or FILE
server_audit_logging:启动或关闭审计
Description: Enables/disables the logging. Expected values are ON/OFF. For example: SET GLOBAL server_audit_logging=on If the server_audit_output_type is FILE, this will actually create/open the logfile so the server_audit_file_path should be properly specified beforehand. Same about the SYSLOG-related parameters. The logging is turned off by default.
Commandline: --server-audit-logging[={0|1}]
Scope: Global
Dynamic: Yes
Data Type: boolean
Default Value: OFF
server_audit_events:指定记录事件的类型,可以用逗号分隔的多个值(connect,query,table),如果开启了查询缓存(query cache),查询直接从查询缓存返回数据,将没有table记录
Description: If set it specifies the set of types of events to log. For example: SET GLOBAL server_audit_events='connect, query'
Commandline: --server-audit-events=value
Scope: Global
Dynamic: Yes
Data Type: string
Default Value: Empty string
Valid Values: CONNECT, QUERY and TABLE (QUERY_DDL, QUERY_DML added in 1.2.0 and QUERY_DCL added in 1.3.0, QUERY_DML_NO_SELECT added in 1.4)
server_audit_file_path:如server_audit_output_type为FILE,使用该变量设置存储日志的文件,可以指定目录,默认存放在数据目录的server_audit.log文件中
Description: When server_audit_output_type=file, sets the path and the filename to the log file. If the specified path exists as a directory, then the log will be created inside that directory with the name 'server_audit.log'. Otherwise the value is treated as a filename. The default value is 'server_audit.log', which means this file will be created in the database directory.
Commandline: --server-audit-file-path=value
Scope: Global
Dynamic: Yes
Data Type: string
Default Value: server_audit.log
server_audit_file_rotate_size:限制日志文件的大小
Description: When server_audit_output_type=file, it limits the size of the log file. Reaching that limit turns on the rotation - the current log file is renamed as 'file_path.1'. The empty log file is created as 'file_path' to log into it. The default value is 100000.
Commandline: --server-audit-rotate-size=#
Scope: Global
Dynamic: Yes
Data Type: numeric
Default Value: 1000000
server_audit_file_rotations:指定日志文件的数量,如果为0日志将从不轮转
Description: When server_audit_output_type=file', this specifies the number of rotations to save. If set to 0 then the log never rotates. The default value is 9.
Commandline: --server-audit-rotations=#
Scope: Global
Dynamic: Yes
Data Type: numeric
Default Value: 9
Range: 0 to 999
server_audit_file_rotate_now:强制日志文件轮转
Description: When server_audit_output_type=file, the user can force the log file rotation by setting this variable to ON or 1.
Commandline: --server-audit-rotate-now[={0|1}]
Scope: Global
Dynamic: Yes
Data Type: boolean
Default Value: OFF
server_audit_incl_users:指定哪些用户的活动将记录,connect将不受此变量影响,该变量比server_audit_excl_users优先级高
Description: If not empty, it contains a comma-delimited list of users whose activity will be logged. For example: SET GLOBAL server_audit_incl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. This setting has higher priority than server_audit_excl_users. So if the same user is specified both in incl_ and excl_ lists, they will still be logged.
Commandline: --server-audit-incl-users=value
Scope: Global
Dynamic: Yes
Data Type: string
Default Value: Empty string
server_audit_syslog_facility:默认为LOG_USER,指定facility,其实这里的意思当为SYSLOG文件变量时,给记录定义一个“设施”记录到这个syslog中,可以用这个facility参数来过滤log。
Description: SYSLOG-mode variable. It defines the 'facility' of the records that will be sent to the syslog. Later the log can be filtered by this parameter.
Commandline: --server-audit-syslog-facility=value
Scope: Global
Dynamic: Yes
Data Type: enum
Default Value: LOG_USER
Valid Values: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_FTP, and LOG_LOCAL0–LOG_LOCAL7
server_audit_syslog_ident:设置ident,作为每个syslog记录的一部分,更改新的值后,需要重启这个审计功能
Description: SYSLOG-mode variable. String value for the 'ident' part of each syslog record. Default value is 'mysql-server_auditing'. New value becomes effective only after restarting the logging.
Commandline: --server-audit-syslog-ident=value
Scope: Global
Dynamic: Yes
Data Type: string
Default Value: mysql-server_auditing
server_audit_syslog_info:指定的info字符串将添加到syslog记录,随时可更改
Description: SYSLOG-mode variable. The 'info' string to be added to the syslog records. Can be changed any time.
Commandline: --server-audit-syslog-info=value
Scope: Global
Dynamic: Yes
Data Type: string
Default Value: Empty string
server_audit_syslog_priority:定义记录日志的syslogd priority优先级
Description: SYSLOG-mode variable. Defines the priority of the log records for the syslogd.
Commandline: --server-audit-syslog-priority=value
Scope: Global
Dynamic: Yes
Data Type: enum
Default Value: LOG_INFO
Valid Values:LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG
server_audit_excl_users:该列表的用户行为将不记录,connect将不受该设置影响
Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. The user is still logged if it's specified in server_audit_incl_users.
Commandline: --server-audit-excl-users=value
Scope: Global
Dynamic: Yes
Data Type: string
Default Value: Empty string
server_audit_mode:标识版本,用于开发测试
Description: This variable doesn't have any distinctive meaning for a user. Its value mostly reflects the server version with which the plugin was started and is intended to be used by developers for testing.
Commandline: --server-audit-mode[=#]
可用shell脚本的方式,根据自己数据库审计活动配置相关参数到/etc/mysql目录my.cnf配置文件中,但是必须重启mysql服务
例如:
server_audit_logging=on
server_audit_events=‘query_dml,query_ddl‘
server_audit_file_path =/var/log
server_audit_file_rotate_size=2G
server_audit_file_rotations=30
扫一扫
1846
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
