Unlike MySQL, the MariaDB audit plugin does not need to be downloaded separately; it can be installed directly.
MariaDB [(none)]> INSTALL PLUGIN server_audit SONAME 'server_audit';
List the installed plugins
MariaDB [(none)]> show plugins;
+--------------------------------+--------+--------------------+-----------------+---------+
| Name | Status | Type | Library | License |
+--------------------------------+--------+--------------------+-----------------+---------+
...
| SERVER_AUDIT | ACTIVE | AUDIT | server_audit.so | GPL |
+--------------------------------+--------+--------------------+-----------------+---------+
Variables created after a successful installation
MariaDB [(none)]> show variables like '%audit%';
+-------------------------------+-----------------------+
| Variable_name | Value |
+-------------------------------+-----------------------+
| server_audit_events | |
| server_audit_excl_users | |
| server_audit_file_path | server_audit.log |
| server_audit_file_rotate_now | OFF |
| server_audit_file_rotate_size | 1000000 |
| server_audit_file_rotations | 9 |
| server_audit_incl_users | |
| server_audit_logging | OFF |
| server_audit_mode | 0 |
| server_audit_output_type | file |
| server_audit_query_log_limit | 1024 |
| server_audit_syslog_facility | LOG_USER |
| server_audit_syslog_ident | mysql-server_auditing |
| server_audit_syslog_info | |
| server_audit_syslog_priority | LOG_INFO |
+-------------------------------+-----------------------+
Status information
MariaDB [(none)]> show status like '%audit%';
+----------------------------+-------+
| Variable_name | Value |
+----------------------------+-------+
| server_audit_active | OFF |
| server_audit_current_log | |
| server_audit_last_error | |
| server_audit_writes_failed | 0 |
+----------------------------+-------+
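As with MySQL, auditing is not enabled by default after installation; it has to be configured and turned on.
1: enable auditing
2: the file to write to when the audit output type is file
3: turn on log rotation
4: do not log the zabbix_user user (connect operations are unaffected)
5: log only operations by the root and ogg users
6: the operations to log
7: log file size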
set global server_audit_logging=1;
set global server_audit_file_path='mariadb-audit.log';
set global server_audit_file_rotate_now=on;
set global server_audit_excl_users='zabbix_user';
set global server_audit_incl_users='root,ogg';
set global server_audit_events='query,table';
set global server_audit_file_rotate_size=10*1024;
Settings in my.cnf
server_audit_logging=1
server_audit_file_path='mariadb-audit.log'
server_audit_incl_users='root,ogg'
server_audit_events='query,table'
server_audit_file_rotate_size=1102400
Notes
1. Log format: the MySQL log format is JSON; MariaDB offers file and syslog, where syslog writes the log to the system log file /var/log/messages
2. Uninstall: uninstall plugin server_audit;
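An added example, not part of the original page: a small Python parser for the plugin's file output that checks a log against the server_audit_incl_users setting above and lists failed statements. The comma-separated field order is taken from the MariaDB audit plugin documentation and is an assumption here; the sample lines and the helper names are constructed for illustration.

```python
from collections import namedtuple

# Field order of one file-output line (assumption: from the MariaDB audit
# plugin documentation, not shown on this page).
Record = namedtuple("Record", "timestamp serverhost username host connectionid "
                              "queryid operation database object retcode")

INCL_USERS = {"root", "ogg"}  # server_audit_incl_users as set on the page
CONNECT_OPS = {"CONNECT", "DISCONNECT", "FAILED_CONNECT"}

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
20240105 10:01:12,db01,root,localhost,15,101,QUERY,hr,'DROP TABLE IF EXISTS `locations`',0
20240105 10:01:30,db01,ogg,10.0.0.5,16,102,QUERY,hr,'SELECT id, name FROM staff',0
20240105 10:02:01,db01,ogg,10.0.0.5,16,102,READ,hr,staff,
20240105 10:02:44,db01,root,localhost,15,104,QUERY,hr,'SELECT * FROM no_such_table',1146
20240105 10:03:10,db01,zabbix_user,10.0.0.9,17,105,QUERY,hr,'SELECT 1',0
"""

def parse_line(line):
    """Split one audit line; the query text may itself contain commas."""
    head = line.rstrip("\n").split(",", 8)
    if len(head) != 9:
        raise ValueError("not an audit record: %r" % line)
    # retcode is the last field and holds no comma, so cut it off from the right.
    obj, _, retcode = head[8].rpartition(",")
    if len(obj) >= 2 and obj.startswith("'") and obj.endswith("'"):
        obj = obj[1:-1]  # QUERY events wrap the statement in single quotes
    # TABLE events (READ, WRITE, ...) leave retcode empty.
    return Record(*head[:8], obj, int(retcode) if retcode else None)

def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def failed_statements(records):
    """QUERY events that ended with a non-zero server error code."""
    return [r for r in records
            if r.operation == "QUERY" and r.retcode not in (0, None)]

def outside_include_list(records, incl_users=INCL_USERS):
    """Non-connect events from users the include list should have filtered out."""
    return [r for r in records
            if r.operation not in CONNECT_OPS and r.username not in incl_users]

if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in failed_statements(records):
        print("failed:", r.timestamp, r.username, r.retcode, r.object)
    for r in outside_include_list(records):
        print("unexpected user:", r.timestamp, r.username, r.object)
```

A record from a user outside the include list means the running filter differs from the configured one, for example because the setting was applied with set global but never written to my.cnf.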