Contents
- general_log
- log_bin
- audit_log(mysql_audit.json)
- audit_log(server_audit.log)
All of the logs below were enabled and tested on MySQL 5.7.32.
general_log
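general_log can be switched on and off at runtime. When enabled it records every command issued to MySQL, so it produces a large volume of log files and is normally left off.
Related parameters: general_log, log_output, general_log_file
mysql> show variables like 'general_log'; -- check whether the log is enabled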
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| general_log | OFF |
+---------------+-------+
row in set (1.09 sec)
mysql> show variables like 'general_log_file'; -- where the general_log_file log is stored
+------------------+--------------------------------------+
| Variable_name | Value |
+------------------+--------------------------------------+
| general_log_file | /opt/sudytech/mysql/data/general.log |
+------------------+--------------------------------------+
row in set (2.41 sec)
mysql> show variables like 'log_output'; -- log output type, either table or file
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_output | FILE |
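+---------------+-------+
row in set (0.00 sec)
log_output='FILE' writes the log to a file; FILE is the default value.
log_output='TABLE' writes the log to the database, so log entries are written to the mysql.slow_log table.
MySQL supports both storage methods at the same time; separate them with a comma in the configuration, e.g. log_output='FILE,TABLE'.
Writing logs to the system's dedicated log tables consumes more system resources than writing to a file, so if you need the slow query log enabled and also want better system performance, prefer logging to a file.
Enabling the general_log log
mysql> set global general_log=on; -- enable the log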
Query OK, rows affected (2.60 sec)
mysql> show variables like 'general_log';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| general_log | ON |
+---------------+-------+
row in set (0.00 sec)
mysql> set global general_log_file='/opt/sudytech/mysql/data/general.log'; -- set where the log is written
Query OK, rows affected (0.05 sec)
mysql> show variables like 'general_log_file';
+------------------+--------------------------------------+
| Variable_name | Value |
+------------------+--------------------------------------+
| general_log_file | /opt/sudytech/mysql/data/general.log |
+------------------+--------------------------------------+
row in set (0.04 sec)
Because log_output defaults to FILE, it does not need to be changed.
The general.log file has now been created under /opt/sudytech/mysql/data/:
[root@localhost data]# pwd
/opt/sudytech/mysql/data
[root@localhost data]# tail -f general.log
-05-18T06:45:32.140829Z 2 Query set global general_log=OFF
/opt/sudytech/mysql/bin/mysqld, Version:.7.32-log (MySQL Community Server (GPL)). started with:
Tcp port: Unix socket: /tmp/mysql.sock
Time Id Command Argument
-05-18T10:43:17.049473Z 3 Query show variables like 'general_log'
-05-18T10:44:09.060990Z 3 Query set global general_log_file='/opt/sudytech/mysql/data/general.log'
/opt/sudytech/mysql/bin/mysqld, Version:.7.32-log (MySQL Community Server (GPL)). started with:
Tcp port: Unix socket: /tmp/mysql.sock
Time Id Command Argument
-05-18T10:44:18.375549Z 3 Query show variables like 'general_log_file'
......
To make the change permanent, add the following under [mysqld] in my.cnf:
general_log =
general_log_file=/opt/sudytech/mysql/data/general.log
log_bin
log_bin cannot be enabled at runtime.
mysql> set global log_bin=on;
ERROR (HY000): Variable 'log_bin' is a read only variable
It has to be added under [mysqld] in my.cnf:
log_bin=/opt/sudytech/mysql/data/mysql-bin
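expire_logs_days = # number of days before logs expire
max_binlog_size =M # maximum size of a single log file
Once enabled, two kinds of files appear under /opt/sudytech/mysql/data: mysql-bin.xxxxx and mysql-bin.index. The mysql-bin.xxxxxx files hold the binlog itself, while the index file stores the names of the mysql-bin files.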
[root@localhost data]# ll mysql-bin.*
-rw-r-----. mysql mysql 372 5月 18 18:58 mysql-bin.000001
-rw-r-----. mysql mysql 154 5月 18 18:58 mysql-bin.000002
-rw-r-----. mysql mysql 84 5月 18 18:58 mysql-bin.index
[root@localhost data]# cat mysql-bin.index
/opt/sudytech/mysql/data/mysql-bin.
/opt/sudytech/mysql/data/mysql-bin.
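MySQL creates a new log file, with the file sequence number incremented, in the following 3 cases:
- 1. When the MySQL server is stopped or restarted (a restart in fact also calls the flush logs command)
- 2. When the flush logs command is used;
- 3. When the binlog file size exceeds the value of the max_binlog_size variable;
The minimum value of max_binlog_size is 4096 bytes; the maximum and default value is 1GB (1073741824 bytes). A transaction is written to the binlog as a single block, so it is never split across several binary logs. As a result, with a very large transaction the log cannot be switched partway through if the transaction is to stay intact: all of its events go into the current log file until the transaction ends, and you may see a binlog file larger than max_binlog_size.
To inspect mysql-bin.xxxxx: the files are stored in binary form and look garbled in vim or cat, so use the mysqlbinlog command instead
[root@localhost data]# /opt/sudytech/mysql/bin/mysqlbinlog -v --base64-output=decode-rows --start-datetime='2021-04-11 00:00:00' --stop-datetime='2021-05-19 15:00:00' /opt/sudytech/mysql/data/mysql-bin.000002
--base64-output controls whether the output contains base64-encoded BINLOG statements; the decode-rows option decodes row-based events into SQL statements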
..............
create database aaaaa
/*!*/;
# at
# 19:15:01 server id 1 end_log_pos 381 CRC32 0x6f4cdc6c Anonymous_GTID last_committed=1 sequence_number=2 .......
create database bbbb
.....
audit_log(mysql_audit.json)
Enabling audit_log requires installing an audit plugin. Upload audit-plugin-mysql-5.7-1.1.4-725-linux-x86_64.zip to /opt and unzip it, then log in to the database to find the plugin directory
mysql> show global variables like 'plugin_dir';
+---------------+----------------------------------+
| Variable_name | Value |
+---------------+----------------------------------+
| plugin_dir | /opt/sudytech/mysql//lib/plugin/ |
+---------------+----------------------------------+
row in set (0.02 sec)
Copy the plugin into that directory and set its permissions and ownership
[root@localhost mysql]# cp /opt/sudytech/audit-plugin-mysql-.7-1.1.4-725/lib/libaudit_plugin.so /opt/sudytech/mysql//lib/plugin/
[root@localhost mysql]# chmod +x /opt/sudytech/mysql//lib/plugin/libaudit_plugin.so
[root@localhost mysql]# chown mysql:mysql /opt/sudytech/mysql//lib/plugin/libaudit_plugin.so
Log in to the database and install it
mysql> install plugin audit soname 'libaudit_plugin.so';
ERROR (HY000): Can't initialize function 'audit'; Plugin initialization function failed.
Fix:
[root@localhost mysql]# /opt/sudytech/audit-plugin-mysql-.7-1.1.4-725/utils/offset-extract.sh /opt/sudytech/mysql/bin/mysqld
ERROR: gdb not found. Make sure gdb is installed and on the path.
[root@localhost mysql]# yum -y install gdb
[root@localhost mysql]# /opt/sudytech/audit-plugin-mysql-.7-1.1.4-725/utils/offset-extract.sh /opt/sudytech/mysql/bin/mysqld
//offsets for: /opt/sudytech/mysql/bin/mysqld (.7.32)
{".7.32","30165bbd00a2077d2e4b1d3c6768c2f7", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080},
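Edit my.cnf, add the following under [mysql], and restart mysql
audit_json_file=on # make sure the plugin starts automatically after MySQL restarts
audit_record_cmds='insert,delete,update,create,drop,alter,grant,truncate,show' # operations to record
plugin-load=AUDIT=libaudit_plugin.so # if the plugin is removed, it is loaded again after a restart
audit_json_log_file=/opt/sudytech/mysql/stat/logs/mysql_audit.json # log path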
audit_offsets=, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080
The mysql_audit.json log now appears under /opt/sudytech/mysql/stat/logs/
[root@localhost logs]# cat mysql_audit.json
..........
{"msg-type":"activity","date":"","thread-id":"2","query-id":"6","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"linux-glibc2.12","_client_name":"libmysql","_pid":"8826","_client_version":"5.7.32","_platform":"x86_64","program_name":"mysql"},"pid":"8826","os_user":"root","appname":"/opt/sudytech/mysql/bin/mysql","cmd":"create_db","query":"create database bbbbb"}
{"msg-type":"activity","date":"","thread-id":"2","query-id":"8","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"linux-glibc2.12","_client_name":"libmysql","_pid":"8826","_client_version":"5.7.32","_platform":"x86_64","program_name":"mysql"},"pid":"8826","os_user":"root","appname":"/opt/sudytech/mysql/bin/mysql","cmd":"drop_db","query":"drop database bbbbb"}
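An added example (not part of the original post or of the audit plugin): Python that reads mysql_audit.json one record per line, keeps records whose cmd is on a watch list, counts them per user/host/os_user/appname, and counts lines that cannot be parsed. Only create_db and drop_db come from the log above; the other cmd names, the user "app" and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# create_db and drop_db appear in the page's sample log; the other cmd names
# are assumptions about how the plugin labels those statements.
WATCHED_CMDS = {"create_db", "drop_db", "drop_table", "grant", "truncate"}

def scan_audit_json(lines, watched=WATCHED_CMDS):
    """Return (watched events, count per actor, number of unreadable lines)."""
    events, per_actor, unreadable = [], Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            unreadable += 1  # half-written or damaged record: worth a look
            continue
        if not isinstance(rec, dict) or rec.get("msg-type") != "activity":
            continue
        if rec.get("cmd") not in watched:
            continue
        actor = (rec.get("user"), rec.get("host"),
                 rec.get("os_user"), rec.get("appname"))
        per_actor[actor] += 1
        events.append({"actor": actor, "cmd": rec["cmd"],
                       "query": rec.get("query")})
    return events, per_actor, unreadable

# Constructed sample records, trimmed to the fields used above
SAMPLE = [
    '{"msg-type":"activity","user":"root","host":"localhost","os_user":"root",'
    '"appname":"/opt/sudytech/mysql/bin/mysql","cmd":"create_db","query":"create database bbbbb"}',
    '{"msg-type":"activity","user":"app","host":"localhost","os_user":"app",'
    '"appname":"/opt/sudytech/mysql/bin/mysql","cmd":"select","query":"select 1"}',
    '{"msg-type":"activity","user":"root","host":"localhost","os_user":"root",'
    '"appname":"/opt/sudytech/mysql/bin/mysql","cmd":"drop_db","query":"drop database bbbbb"}',
    '{"msg-type":"activity","user":"app","cmd":"dro',  # truncated on purpose
]

if __name__ == "__main__":
    events, per_actor, unreadable = scan_audit_json(SAMPLE)
    for e in events:
        print(e["cmd"], e["actor"], e["query"])
    print("unreadable lines:", unreadable)
```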
audit_log(server_audit.log)
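server_audit.log can be switched on and off at runtime. Download the mariadb-5.5.68 archive and extract mariadb-5.5.68-linux-x86_64/lib/plugin/server_audit.so from it (the plugin is not supported from MySQL 8 onward)
Differences between MariaDB_5.x.x and MariaDB_10.x.x:
- MariaDB_5.x.x: compatible with MySQL 5.x.x, with almost identical interfaces; community edition only
- MariaDB_10.x.x: 10.x.x uses new technology, and its interfaces gradually diverge from MySQL's as it moves to MariaDB's new interfaces
Because the test database is version 5.7.32, mariadb-5.5.68 was chosen
Log in to the database to find the plugin directory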
mysql> show global variables like 'plugin_dir';
+---------------+----------------------------------+
| Variable_name | Value |
+---------------+----------------------------------+
| plugin_dir | /opt/sudytech/mysql//lib/plugin/ |
+---------------+----------------------------------+
row in set (0.02 sec)
Copy the plugin into that directory and set its permissions
[root@localhost plugin]# cp /opt/sudytech/mariadb-.5.68-linux-x86_64/lib/plugin/server_audit.so /opt/sudytech/mysql/lib/plugin/
[root@localhost plugin]# chmod +x /opt/sudytech/mysql/lib/plugin/server_audit.so
Log in to the database and install it
mysql> install plugin server_audit soname 'server_audit.so';
Query OK, rows affected (0.00 sec)
mysql> show plugins;
+----------------------------+----------+--------------------+-----------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+-----------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
.......
| SERVER_AUDIT | ACTIVE | AUDIT | server_audit.so | GPL |
+----------------------------+----------+--------------------+-----------------+---------+
Enable server_audit.log. By default the log is written to the mysql/data directory; server_audit_file_path can be used to set where the file is stored
mysql> show variables like '%server_audit_logging%';
+----------------------+-------+
| Variable_name | Value |
+----------------------+-------+
| server_audit_logging | OFF |
+----------------------+-------+
row in set (0.00 sec)
mysql> set global server_audit_logging=on;
Query OK, rows affected (0.00 sec)
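Add the configuration under [mysqld] in my.cnf
server_audit_logging = ON # enable logging; it is off by default
server_audit = FORCE_PLUS_PERMANENT # prevent the plugin from being uninstalled
server_audit_file_path = /opt/sudytech/mysql/stat/logs/server_audit.log # path and file name of the audit log
server_audit_file_rotations = # number of audit log rotations; 0 means no rotation, and a value of 2 produces 3 files: server_audit.log server_audit.log.1 server_audit.log.2
server_audit_file_rotate_size = # file size at which the audit log is rotated, 1073741824=1GB; setting it has no effect when server_audit_file_rotations is 0
The server_audit.log log then appears under /opt/sudytech/mysql/stat/logs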
[root@localhost logs]# tail -f server_audit.log
10:05:00,localhost.localdomain,root,localhost,2,27,QUERY,,'show variables like \'server_audit_file_rotations\'',0
10:05:01,localhost.localdomain,root,localhost,2,28,QUERY,,'show variables like \'server_audit_file_rotations\'',0
10:05:01,localhost.localdomain,root,localhost,2,29,QUERY,,'show variables like \'server_audit_file_rotations\'',0
10:05:01,localhost.localdomain,root,localhost,2,30,QUERY,,'show variables like \'server_audit_file_rotations\'',0
10:05:02,localhost.localdomain,root,localhost,2,31,QUERY,,'show variables like \'server_audit_file_rotations\'',0
10:35:02,localhost.localdomain,root,localhost,2,0,DISCONNECT,,,0
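An added example, not from the original post or from MariaDB: a Python parser for server_audit.log lines like those above that copes with commas and escaped quotes inside the statement, then flags statements that switch off general_log or server_audit_logging or try to uninstall the plugin. The sample lines, including their dates, the host name db1, the user "app" and the return code 1, are assumptions constructed for illustration.

```python
import re

# Field order of a server_audit.log record in FILE output
FIELDS = ("timestamp", "serverhost", "username", "host", "connectionid",
          "queryid", "operation", "database", "object", "retcode")

# Statements that turn off the logs enabled on this page, or remove the plugin
TAMPER = re.compile(
    r"set\s+global\s+(general_log|server_audit_logging)\s*=\s*(off|0)\b"
    r"|uninstall\s+plugin\s+server_audit\b", re.IGNORECASE)

def parse_line(line):
    """Return a dict of the 10 fields, or None if the line is not a record.

    The object field (the quoted statement) may contain commas, so the first
    8 fields are taken from the left and retcode from the right.
    """
    head = line.rstrip("\n").split(",", 8)
    if len(head) != 9 or "," not in head[8]:
        return None
    obj, retcode = head[8].rsplit(",", 1)
    if len(obj) >= 2 and obj[0] == obj[-1] == "'":
        obj = re.sub(r"\\(['\\])", r"\1", obj[1:-1])  # undo \' and \\ escapes
    return dict(zip(FIELDS, head[:8] + [obj, retcode]))

def find_logging_changes(lines):
    """Return (timestamp, username, host, statement, retcode) per flagged query."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["operation"] == "QUERY" and TAMPER.search(rec["object"]):
            hits.append((rec["timestamp"], rec["username"], rec["host"],
                         rec["object"], rec["retcode"]))
    return hits

# Constructed sample lines (dates, host name db1 and return code 1 are made up)
SAMPLE = [
    r"20240101 10:05:00,db1,root,localhost,2,27,QUERY,,'show variables like \'server_audit_file_rotations\'',0",
    r"20240101 10:06:10,db1,app,localhost,3,40,QUERY,shop,'select id, name from t where note=\'a,b\'',0",
    r"20240101 10:07:00,db1,root,localhost,2,41,QUERY,,'set global server_audit_logging=off',0",
    r"20240101 10:07:05,db1,root,localhost,2,42,QUERY,,'UNINSTALL PLUGIN server_audit',1",
    r"20240101 10:35:02,db1,root,localhost,2,0,DISCONNECT,,,0",
]

if __name__ == "__main__":
    for hit in find_logging_changes(SAMPLE):
        print(hit)
```

A non-zero retcode on a flagged line means the statement failed, which is what server_audit = FORCE_PLUS_PERMANENT is set to achieve for an uninstall attempt.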
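server_audit.log parameters:
- server_audit_output_type: the log output type, SYSLOG or FILE; with SYSLOG, records are written to /var/log/message
- server_audit_logging: turns auditing on or off
- server_audit_events: the event types to record, as several comma-separated values (connect,query,table); if the query cache is enabled and a query is answered directly from the cache, no table record is written
- server_audit_file_path: when server_audit_output_type is FILE, this variable sets the file that stores the log; a directory may be given; by default the log is the server_audit.log file in the mysql/data directory
- server_audit_file_rotations: the number of log files; if 0, the log is never rotated
- server_audit_file_rotate_size: limits the size of a log file; has no effect when server_audit_file_rotations is 0
- server_audit_file_rotate_now: whether to rotate the log immediately; has no effect when server_audit_file_rotations is 0
- server_audit_incl_users: which users' activity is recorded; connect is not affected by this variable; this variable takes priority over server_audit_excl_users
- server_audit_syslog_facility: defaults to LOG_USER; sets the facility
- server_audit_syslog_ident: sets the ident, which is part of every syslog record
- server_audit_syslog_info: the given info string is added to syslog records
- server_audit_syslog_priority: the syslogd priority used for log records
- server_audit_excl_users: activity of the users on this list is not recorded; connect is not affected by this setting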