- mysql日志管理
可以通过 mysqldumpslow工具来对慢查询日志进行分类汇总查看
mysql存在的几种日志,默认情况下mysql日志存放在data目录下,
- 慢查询日志 默认情况下命名为:host_name_slow.log
- 二进制日志 包含所有的DDL和DML,但不包括查询数据, 默认情况下命名为:host_name-bin.000001
- 查询日志 默认情况下命名为:host_name.log
- 错误日志 监控mysql的状态 默认情况下命名为:host_name.err
可以通过mysqlbinlog工具看来查询mysql日志
- mysqlbinlog用法如下:
mysqbinlog mysql.err 查询错误日志
当然可以通过添加参数来查看指定内容,如:
mysqlbinlog mysql-bin.000001 -d test 只显示对test数据库的二进制日志
mysqlbinlog mysql-bin.000001 -o 3 -r result-file 首先忽略前三个操作,并将日志结果输出到result-file文件中
- mysqlbinlog相关参数:
--base64-output[=name]
Determine when the output statements should be
base64-encoded BINLOG statements: 'never' disables it and
works only for binlogs without row-based events;
'decode-rows' decodes row events into commented SQL
statements if the --verbose option is also given; 'auto'
prints base64 only when necessary (i.e., for row-based
events and format description events); 'always' prints
base64 whenever possible. 'always' is for debugging only
and should not be used in a production system. If this
argument is not given, the default is 'auto'; if it is
given with no argument, 'always' is used.
--character-sets-dir=name
Directory for character set files.
-d, --database=name List entries for just this database (local log only).
--debug-check Check memory and open file usage at exit .
--debug-info Print some debug info at exit.
-D, --disable-log-bin
Disable binary log. This is useful, if you enabled
--to-last-log and are sending the output to the same
MySQL server. This way you could avoid an endless loop.
You would also like to use it when restoring after a
crash to avoid duplication of the statements you already
have. NOTE: you will need a SUPER privilege to use this
option.
-F, --force-if-open Force if binlog was not closed properly.
-f, --force-read Force reading unknown binlog events.
-H, --hexdump Augment output with hexadecimal and ASCII event dump.
-h, --host=name Get the binlog from server.
-l, --local-load=name
Prepare local temporary files for LOAD DATA INFILE in the
specified directory.
-o, --offset=# Skip the first N entries.
-p, --password[=name]
Password to connect to remote server.
-P, --port=# Port number to use for connection or 0 for default to, in
order of preference, my.cnf, $MYSQL_TCP_PORT,
/etc/services, built-in default (3306).
--position=# Deprecated. Use --start-position instead.
--protocol=name The protocol to use for connection (tcp, socket, pipe,
memory).
-R, --read-from-remote-server
Read binary logs from a MySQL server.
-r, --result-file=name
Direct output to a given file.
--server-id=# Extract only binlog entries created by the server having
the given id.
--set-charset=name Add 'SET NAMES character_set' to the output.
-s, --short-form Just show regular queries: no extra info and no row-based
events. This is for testing only, and should not be used
in production systems. If you want to suppress
base64-output, consider using --base64-output=never
instead.
-S, --socket=name The socket file to use for connection.
--start-datetime=name
Start reading the binlog at first event having a datetime
equal or posterior to the argument; the argument must be
a date and time in the local time zone, in any format
accepted by the MySQL server for DATETIME and TIMESTAMP
types, for example: 2004-12-25 11:25:56 (you should
probably use quotes for your shell to set it properly).
-j, --start-position=#
Start reading the binlog at position N. Applies to the
first binlog passed on the command line.
--stop-datetime=name
Stop reading the binlog at first event having a datetime
equal or posterior to the argument; the argument must be
a date and time in the local time zone, in any format
accepted by the MySQL server for DATETIME and TIMESTAMP
types, for example: 2004-12-25 11:25:56 (you should
probably use quotes for your shell to set it properly).
--stop-position=# Stop reading the binlog at position N. Applies to the
last binlog passed on the command line.
-t, --to-last-log Requires -R. Will not stop at the end of the requested
binlog but rather continue printing until the end of the
last binlog of the MySQL server. If you send the output
to the same MySQL server, that may lead to an endless
loop.
-u, --user=name Connect to the remote server as username.
-v, --verbose Reconstruct SQL statements out of row events. -v -v adds
comments on column data types.
-V, --version Print version and exit.
--open_files_limit=#
Used to reserve file descriptors for use by this program.
- 在使用mysqlbinlog查看二进制日志时会出现mysqlbinlog: unknown variable 'default-character-set=utf8'
解决办法:
1、mysqlbinlog --no-defaults mysql-bin.000001
2、修改my.cnf
#default-character-set=utf8
因为mysqlbinlog会重新从my.cnf中读取,不是从内存中读取,使用完毕之后,再修改过来即可
- 日志文件的删除:
1、设置缓存时间 logs_expire_date=?
2、使用purge命令删除指定时间之前的日志或指定编号之前的日志: purge master logs to '某个时间点' | '某个文件的编号之前'
3、reset master;
可以通过 binlog-db-db=数据库名称 来设置哪些数据库需要写入日志
binlog-ignore-log=数据库名称 来设置哪些数据库不需要写入日志
- mysql权限管理
用户登陆mysql时,mysql会对连接的用户进行身份验证,并对通过验证的用户赋予对应的权限
mysql权限主要存在于user db host tables_priv columns_priv 表中
当用户访问mysql时,其所属权限的加载顺序为:user--->db--->tables_priv--->columns_priv
如果user中INSERT权限设置为Y,则用户拥有全局的INSERT权限
若user中INSERT权限设置为N,mysql会通过db表查询用是否拥有某个数据库的INSERT权限,
若db中INSERT权限为N,mysql或通过tables_priv表查询用户是否拥有某个表的插入权限,
创建用户,并分配权限:
grant select on *.* to root@localhost identified by 'password' with grant option;
回收用户权限
revoke select on *.* from root@localhost;
向用户授予数据库test的car_info表的索引权限
grant INDEX on test.car_info to cyberton_admin@localhost;
查看用户权限
show grants for cyberton_admin@localhost;
修改用户密码
grant usage on *.* TO 'cyberton_admin'@'localhost' IDENTIFIED BY '123456789';
或update user set password = password('123456') where user = 'cyberton_admin';flush privileges;
或 SET PASSWORD FOR cyberton_admin@localhost = PASSWORD('123456');
删除用户
drop user cyberton_admin@localhost;
或回收用户权限
- mysql安全问题
严格控制操作系统账号和权限
避免以root权限运行
防止DNS欺骗 user表中host字段尽量使用IP地址,而不是域名
删除匿名账号(密码为空字符)
只授予账号必须的权限
除root外,任何用户不应有user表的存取权限
REVOKE命令漏洞 当用户被多次授予权限时,通过revoke all privileges 并不能回收权限,需要分别回收
了解my.cnf下和安全相关的一些参数,safe-user-create
- mysql中常用工具
执行选项:
-e , --EXECUTE=NAME 执行sql语句并退出
mysql -uroot -p cyberton -e "select * from user";
格式化选项:
-E,--vertical ,输出方式按照字段顺序垂直显示
-s ,--slient,去掉显示中的线条框 mysql -s -uroot -p;
错误处理选项:
-f , --force 强制执行sql
-v, --verbose 显示更多信息
--show-warnings 显示警告信息
数据库压缩
myisampack table-name; 压缩只适用于MyISAM数据库,压缩后的数据库只支持查询功能
mysqlbinlog 日志管理工具
mysqlcheck工具用于检测和修复MyISAM数据库
-c , --check 检查表
-r , --repair 修复表
-a ,-- analyze 分析表
-o ,--optimize 优化表
mysqlcheck -uroot -p cyberton -c 检查cyberton数据库
mysqldump数据库导出工具
mysqlshow 用于查看数据库信息
查看数据库和表的统计信息
mysqlshow -uroot -p --count;未指定数据库
mysqlshow -uroot -p cyberton --count;指定数据库
查看数据库中的表的状态信息
mysqlshow -uroot -p cyberton car_info -i
查看数据库中的表的索引信息
mysqlshow -uroot -p cyberton car_info -k
mysqlhotcopy 用于快速备份MyISAM数据库
perror 50 用于查看错误代码
601
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
