MariaDB Audit Statistics
环境:mariadb-10.1.13
Audit
https://mariadb.com/kb/en/mariadb-audit- plugin/
比较新的mariadb版本audit插件直接内嵌在版本里,可以直接安装
(jlive)[isfdb]>INSTALL PLUGIN server_audit SONAME 'server_audit.so';
Query OK, 0 rows affected (0.16 sec)
(jlive)[isfdb]>SHOW PLUGINS;
+-------------------------------+----------+--------------------+-----------------+---------+
| Name | Status | Type | Library | License |
+-------------------------------+----------+--------------------+-----------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| mysql_old_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| wsrep | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MRG_MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CLIENT_STATISTICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INDEX_STATISTICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| TABLE_STATISTICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| USER_STATISTICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| XTRADB_READ_VIEW | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| XTRADB_INTERNAL_HASH_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| XTRADB_RSEG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CHANGED_PAGES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_MUTEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_SEMAPHORE_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TABLESPACES_ENCRYPTION | ACTIVE | INFORMATION SCHEMA | NULL | BSD |
| INNODB_TABLESPACES_SCRUBBING | ACTIVE | INFORMATION SCHEMA | NULL | BSD |
| CHANGED_PAGE_BITMAPS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| SEQUENCE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| Aria | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEEDBACK | DISABLED | INFORMATION SCHEMA | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| TokuDB | ACTIVE | STORAGE ENGINE | ha_tokudb.so | GPL |
| TokuDB_trx | ACTIVE | INFORMATION SCHEMA | ha_tokudb.so | GPL |
| TokuDB_lock_waits | ACTIVE | INFORMATION SCHEMA | ha_tokudb.so | GPL |
| TokuDB_locks | ACTIVE | INFORMATION SCHEMA | ha_tokudb.so | GPL |
| TokuDB_file_map | ACTIVE | INFORMATION SCHEMA | ha_tokudb.so | GPL |
| TokuDB_fractal_tree_info | ACTIVE | INFORMATION SCHEMA | ha_tokudb.so | GPL |
| TokuDB_fractal_tree_block_map | ACTIVE | INFORMATION SCHEMA | ha_tokudb.so | GPL |
| CONNECT | ACTIVE | STORAGE ENGINE | ha_connect.so | GPL |
| SERVER_AUDIT | ACTIVE | AUDIT | server_audit.so | GPL |
+-------------------------------+----------+--------------------+-----------------+---------+
64 rows in set (0.00 sec)
(jlive)[isfdb]>SHOW GLOBAL VARIABLES LIKE 'plugin_dir';
+---------------+--------------------------+
| Variable_name | Value |
+---------------+--------------------------+
| plugin_dir | /opt/mariadb/lib/plugin/ |
+---------------+--------------------------+
1 row in set (0.15 sec)
[mysqld]
plugin-load=server_audit=server_audit.so
server_audit=FORCE_PLUS_PERMANENT
二.使用Audit
查看
(jlive)[isfdb]>SHOW GLOBAL VARIABLES LIKE 'server_audit%'\G
*************************** 1. row ***************************
Variable_name: server_audit_events
Value:
*************************** 2. row ***************************
Variable_name: server_audit_excl_users
Value:
*************************** 3. row ***************************
Variable_name: server_audit_file_path
Value: server_audit.log
*************************** 4. row ***************************
Variable_name: server_audit_file_rotate_now
Value: OFF
*************************** 5. row ***************************
Variable_name: server_audit_file_rotate_size
Value: 1000000
*************************** 6. row ***************************
Variable_name: server_audit_file_rotations
Value: 9
*************************** 7. row ***************************
Variable_name: server_audit_incl_users
Value:
*************************** 8. row ***************************
Variable_name: server_audit_loc_info
Value: OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
*************************** 9. row ***************************
Variable_name: server_audit_logging
Value: OFF
*************************** 10. row ***************************
Variable_name: server_audit_mode
Value: 0
*************************** 11. row ***************************
Variable_name: server_audit_output_type
Value: file
*************************** 12. row ***************************
Variable_name: server_audit_query_log_limit
Value: 1024
*************************** 13. row ***************************
Variable_name: server_audit_syslog_facility
Value: LOG_USER
*************************** 14. row ***************************
Variable_name: server_audit_syslog_ident
Value: mysql-server_auditing
*************************** 15. row ***************************
Variable_name: server_audit_syslog_info
Value:
*************************** 16. row ***************************
Variable_name: server_audit_syslog_priority
Value: LOG_INFO
16 rows in set (0.00 sec)
启用audit
(jlive)[isfdb]>SET GLOBAL server_audit_logging=ON;
Query OK, 0 rows affected (0.15 sec)
(jlive)[isfdb]>SET GLOBAL server_audit_file_rotate_now=ON;
Query OK, 0 rows affected (0.00 sec)
(jlive)[isfdb]>SHOW GLOBAL STATUS LIKE 'server_audit%';
+----------------------------+------------------+
| Variable_name | Value |
+----------------------------+------------------+
| Server_audit_active | ON |
| Server_audit_current_log | server_audit.log |
| Server_audit_last_error | |
| Server_audit_writes_failed | 0 |
+----------------------------+------------------+
4 rows in set (0.00 sec)
配置需要(或不需要)track的用户
SET GLOBAL server_audit_incl_users = 'untrusted_user';
SET GLOBAL server_audit_incl_users = CONCAT(@@global.server_audit_incl_users,',untrusted_user2');
SHOW GLOBAL VARIABLES LIKE 'server_audit_incl_users';
SET GLOBAL server_audit_excl_users = 'trusted_user';
SET GLOBAL server_audit_excl_users = CONCAT(@@global.server_audit_excl_users, ',trusted_user2');
SHOW GLOBAL VARIABLES LIKE 'server_audit_excl_users';
说明:默认情况下,audit会track所有用户,可以通过server_audit_incl_users来指定要track的用户,也可以通过server_audit_excl_users来排除不需要track的用户,作限制和排除时会忽略主机名,如下用户都会include到track用户下,同时incl的优先级高于excl,也就是说,如果一个用户既在incl又在excl,则这个用户会被track
untrusted_user@'localhost'
untrusted_user@'192.168.1.%'
untrusted_user@'%'
(jlive)[isfdb]>SHOW GLOBAL VARIABLES LIKE 'server_audit_incl_users';
+-------------------------+--------------------------------+
| Variable_name | Value |
+-------------------------+--------------------------------+
| server_audit_incl_users | untrusted_user,untrusted_user2 |
+-------------------------+--------------------------------+
1 row in set (0.00 sec)
(jlive)[isfdb]>SHOW GLOBAL VARIABLES LIKE 'server_audit_excl_users';
+-------------------------+----------------------------+
| Variable_name | Value |
+-------------------------+----------------------------+
| server_audit_excl_users | trusted_user,trusted_user2 |
+-------------------------+----------------------------+
1 row in set (0.00 sec)
Statistics
https://mariadb.com/kb/en/engine-independent-table-statistics/
不管使用哪种存储引擎,mariadb都能够对所有的表进行统计
启用表统计
SET GLOBAL use_stat_tables=complementary; #有三个合法的值(never不使用表统计;complementary如果存储引擎没有类似的统计功能,则使用表统计;preferably总是使用表统计)
ANALYZE TABLE table_name;
ANALYZE TABLE table_name PERSISTENT FOR COLUMNS (column_1,column_2,...) INDEXES (index_1,index_2,...);
查看统计信息
SELECT * FROM mysql.table_stats;
SELECT * FROM mysql.index_stats;
SELECT * FROM mysql.column_stats;
Extended Statistics
启用
SET GLOBAL userstat=1;
[mysqld]
userstat = 1
查看统计
SHOW CLIENT_STATISTICS;
SHOW INDEX_STATISTICS;
SHOW TABLE_STATISTICS;
SHOW USER_STATISTICS;
统计置零
FLUSH CLIENT_STATISTICS;
FLUSH INDEX_STATISTICS;
FLUSH TABLE_STATISTICS;
FLUSH USER_STATISTICS;
performance
https://mariadb.com/kb/en/performance-schema/
说明:performance_schema不能动态生效,任何对performance_schema的修改都需要写入配置文件后才能生效
启用performance_schema
在配置文件中添加如下行重启
[mysqld]
performance_schema
查看用户连接次数
(jlive)[isfdb]>SELECT * FROM performance_schema.users;
+--------+---------------------+-------------------+
| USER | CURRENT_CONNECTIONS | TOTAL_CONNECTIONS |
+--------+---------------------+-------------------+
| zabbix | 3 | 3 |
| jlive | 1 | 1 |
| NULL | 22 | 26 |
+--------+---------------------+-------------------+
3 rows in set (0.01 sec)
提示:禁用用户连接数统计,添加如下行后重启,默认值为-1,统计所有
[mysqld]
performance_schema_users_size=0
查看激活连接的线程
(jlive)[isfdb]>SELECT * FROM performance_schema.threads WHERE type="foreground"\G
*************************** 1. row ***************************
THREAD_ID: 25
NAME: thread/sql/one_connection
TYPE: FOREGROUND
PROCESSLIST_ID: 3
PROCESSLIST_USER: zabbix
PROCESSLIST_HOST: localhost
PROCESSLIST_DB: zabbix
PROCESSLIST_COMMAND: Sleep
PROCESSLIST_TIME: 0
PROCESSLIST_STATE: NULL
PROCESSLIST_INFO: NULL
PARENT_THREAD_ID: 1
ROLE: NULL
INSTRUMENTED: YES
*************************** 2. row ***************************
THREAD_ID: 27
NAME: thread/sql/one_connection
TYPE: FOREGROUND
PROCESSLIST_ID: 5
PROCESSLIST_USER: jlive
PROCESSLIST_HOST: 192.168.130.1
PROCESSLIST_DB: isfdb
PROCESSLIST_COMMAND: Query
PROCESSLIST_TIME: 0
PROCESSLIST_STATE: Sending data
PROCESSLIST_INFO: SELECT * FROM performance_schema.threads WHERE type="foreground"
PARENT_THREAD_ID: NULL
ROLE: NULL
INSTRUMENTED: YES
转载于:https://www.cnblogs.com/lixuebin/p/10814120.html
MariaDB Audit Statistics相关推荐
- 1.2. MariaDB
http://mariadb.org/ 1.2.1. CentOS YUM 安装 MariaDB cat >> /etc/yum.repos.d/MariaDB.repo << ...
- mysql audit 表_关于MySQL AUDIT(审计)那点事
2017年06月02日MySQL社区版本最新版为MySQL_5.7.18,但是该版本不带AUDIT功能(MySQL Enterprise Edition自带AUDIT功能), 因此需要加载plugin ...
- mysql 故障处理_MySQL日志故障的处理和分析
有一台预上线的服务器最近在做压力测试,也引发了一系列的相关问题,排查思路可以提供参考. 问题的起因就是收到同事提醒,根据监控报警提示,磁盘空间满了.上面有一个MySQL服务,现在已经写入不了数据了. ...
- mysql5.7审计功能开启_MySQL5.7审计功能windows系统
MySQL5.7审计功能windows系统 MySQL的审计功能,主要可以记录下对数据库的所有操作,包括登录.连接.对表的增删改查等,便于责任追溯,问题查找,当然一定方面也会影响数据库效率.根据 My ...
- MySQL审计特性调研
女主宣言 数据库的审计功能主要是记录用户对数据库的各类操作行为,用于以后进行查询.分析和跟踪问题.本文主要调研了一些开源的审计插件,并对其安装和使用方式进行了介绍. PS:丰富的一线技术.多元化的表现 ...
- dba+开源工具:轻量级数据库审计日志平台,违规操作无所遁形(附下载)
工具研发者介绍 贺春旸, 凡普金科和爱钱进DBA团队负责人,<MySQL管理之道:性能调优.高可用与监控>第一.二版作者,曾任职于中国移动飞信.安卓机锋网.四次荣获dbaplus年度MVP ...
- mysql进阶:企业数据库安全防护方案
0.引言 数据库安全是系统安全的重中之重,做好数据库安全防护及规范,是系统建设的基础. 今天我们来看看企业生产如何落地数据库安全防护机制. 1. 数据库安全问题 最好数据库安全,我们首先要了解能够威胁 ...
- 【企业安全实战】数据库审计部署实践
0x01 概述 安全的核心是数据,数据库安全也是企业安全中很重要的一点,当然数据库安全涉及到很多方面,又衍生出很多安全产品,例如数据库审计.数据库防火墙.数据库加密.数据库脱敏等,本文主要阐述企业内部 ...
- 16 | 数据库安全:数据库中的数据是如何被黑客拖取的?
说到数据库,你肯定会说:"数据库是我最熟悉的工具了.利用它,我能够设计复杂的表结构.写出炫酷的 SQL 语句.优化高并发场景下的读写性能."当然,我们的日常工作离不开数据库的使用. ...
最新文章
- android 快应用原理,快应用初探——写一个快应用练练手。
- map,filter,reduce函数总结
- Android之ListView优化
- 怎么用ajax导出word_Word文档太大怎么压缩?你应该用这种方法压缩
- 获取Docker中容器的信息
- java 注解 id_java注解
- linux磁盘格式化
- 华为云ModelArts 2.0全面升级,革新传统AI开发模式
- mysql5.5源码安装_MySQL5.5源码安装
- 吴恩达机器学习cs229一二节总结
- 人人商城删除后台菜单“小程序”
- 1206、0805、0603、0402、0201、01005、008004,你手工焊接过的最小的封装是哪个
- 算法学习 | 期望dp+概率dp
- commitizen 以及 conventional-changelog 使用心得
- [CSP-S 2022] 策略游戏
- C++实现DLL注入的完整过程
- 【Pytorch Lighting】第 7 章:半监督学习
- 三色标记(可达性分析算法)及一些思考
- 高级信息系统项目管理师十大领域
- 《勇士传说》横版卷轴动作类游戏笔记-3.场景绘制和叠层设置