MySQL审计日志动态安装mysql-audit_mysql 安装 audit-优快云博客

本文链接：https://blog.youkuaiyun.com/yongjiu2000/article/details/145492991

1. 查看 MYSQL 版本并找出审计对应版本：
[root@dbus1 ~]# mysqld -V
mysqld Ver 5.7.39 for Linux on x86_64 (MySQL Community Server (GPL))
[root@dbus1 ~]#

2. 查看审计日志对应版本：

打开地址： https://github.com/trellix-enterprise/mysql-audit/releases

v1.1.13 Latest
Added support for:
MySQL 64-bit 8.0.30
MySQL 64-bit 5.7.39, 5.7.38
MySQL 32-bit 5.7.39, 5.7.38

MariaDB 64-bit 10.7.5, 10.7.4, 10.7.3, 10.5.16, 10.2.44
MariaDB 32-bit 10.2.44

v1.1.12
Added support for:
MySQL 64-bit 8.0.28, 8.0.27, 8.0.26

MySQL 64-bit 5.7.37
MySQL 32-bit 5.7.37

MariaDB 64-bit 10.6.7, 10.6.5, 10.6.4, 10.6.3

MariaDB 64-bit 10.5.15, 10.4.24, 10.2.43
MariaDB 32-bit 10.2.43

3. 下载对应版本：

wget https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip

4. 解压文件：

[root@dbus1 ~]# cd /home/mysql

[root@dbus1 mysql]# unzip audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip

[root@dbus1 mysql]# cd audit-plugin-mysql-5.7-1.1.13-1008

[root@dbus1 audit-plugin-mysql-5.7-1.1.13-1008]# ls
COPYING lib plugin-name.txt README.txt THIRDPARTY.txt utils
[root@dbus1 audit-plugin-mysql-5.7-1.1.13-1008]#

mysql>

6. 复制插件到MYSQL插件目录并赋权：

[root@dbus1 ~]# cp /home/mysql/audit-plugin-mysql-5.7-1.1.13-1008/lib/libaudit_plugin.so /usr/lib64/mysql/plugin/

[root@dbus1 ~]# chown -R mysql:mysql /home/mysql/audit-mysql

7. 创建文件目录及审计文件：
/home/mysql/audit-mysql/mysql-audit.log
[root@dbus1 ~]# chown -R mysql:mysql /home/mysql/audit-mysql

8. 安装插件：
mysql> INSTALL PLUGIN audit SONAME 'libaudit_plugin.so';

9. 设置参数：
mysql> set global audit_json_file=1;
Query OK, 0 rows affected (0.00 sec)
mysql> set global audit_json_log_file='/home/mysql/audit-mysql/mysql-audit.log';
Query OK, 0 rows affected (0.00 sec)
mysql> set global audit_json_file_flush=on;
Query OK,