mysql如何开启各种日志

MySQL
394
0
0
2023-06-12
标签   MySQL日志
目录
  • general_log
  • log_bin
  • audit_log(mysql_audit.json)
  • audit_log(server_audit.log)

以下日志开启均在mysql5.7.32进行测试

general_log

general_log支持热开启,热关闭。开启general_log会记录所有操作mysql命令,所以会产生大量文件,一般不开启。

相关参数general_log、log_output、general_log_file

mysql> show variables like 'general_log';  --查看日志是否开启
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| general_log   | OFF   |
+---------------+-------+ row in set (1.09 sec)

mysql> show variables like 'general_log_file'; --general_log_file日志保存位置
+------------------+--------------------------------------+
| Variable_name    | Value                                |
+------------------+--------------------------------------+
| general_log_file | /opt/sudytech/mysql/data/general.log |
+------------------+--------------------------------------+ row in set (2.41 sec)

mysql> show variables like 'log_output'; --日志输出类型 table和file两种类型
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_output    | FILE  |
+---------------+-------+ row in set (0.00 sec)

log_output='FILE' 表示将日志存入文件,默认值是FILE  
log_output='TABLE'表示将日志存入数据库,这样日志信息就会被写入到mysql.slow_log表中.
mysql数据库支持同时两种日志存储方式,配置的时候以逗号隔开即可,如:log_output='FILE,TABLE'.
日志记录到系统专用日志表中,要比记录到文件耗费更多的系统资源,因此对于需要启用慢查日志,又需要比够获得更高的系统性能,那么建议优先记录到文件。
开启general_log日志
mysql> set global general_log=on; --开启日志
Query OK, rows affected (2.60 sec)

mysql> show variables like 'general_log';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| general_log   | ON    |
+---------------+-------+ row in set (0.00 sec)

mysql> set global general_log_file='/opt/sudytech/mysql/data/general.log'; --指定日志产生位置
Query OK, rows affected (0.05 sec)

mysql> show variables like 'general_log_file';
+------------------+--------------------------------------+
| Variable_name    | Value                                |
+------------------+--------------------------------------+
| general_log_file | /opt/sudytech/mysql/data/general.log |
+------------------+--------------------------------------+ row in set (0.04 sec)

由于log_output默认值为FILE。所以不需要修改。

查看/opt/sudytech/mysql/data/目录下已经产生了general.log日志

[root@localhost data]# pwd
/opt/sudytech/mysql/data
[root@localhost data]# tail -f general.log-05-18T06:45:32.140829Z         2 Query     set global general_log=OFF
/opt/sudytech/mysql/bin/mysqld, Version:.7.32-log (MySQL Community Server (GPL)). started with:
Tcp port:  Unix socket: /tmp/mysql.sock
Time                 Id Command    Argument-05-18T10:43:17.049473Z         3 Query     show variables like 'general_log'
-05-18T10:44:09.060990Z         3 Query     set global general_log_file='/opt/sudytech/mysql/data/general.log'
/opt/sudytech/mysql/bin/mysqld, Version:.7.32-log (MySQL Community Server (GPL)). started with:
Tcp port:  Unix socket: /tmp/mysql.sock
Time                 Id Command    Argument-05-18T10:44:18.375549Z         3 Query     show variables like 'general_log_file'
......

永久修改需要在my.cnf中[mysqld]添加
general_log =
general_log_file=/opt/sudytech/mysql/data/general.log

log_bin

log_bin不支持热开启。
mysql> set global log_bin=on;
ERROR (HY000): Variable 'log_bin' is a read only variable

需要在my.cnf [mysqld]中添加
log_bin=/opt/sudytech/mysql/data/mysql-bin
expire_logs_days =    #日志过期天数
max_binlog_size =M  #单日文件最大大小

开启后会在/opt/sudytech/mysql/data目录下产生mysql-bin.xxxxx和mysql-bin.index两个文件。mysql-bin.xxxxxx是记录binlog日志的文件,而index是存放mysql-bin文件名的文件
[root@localhost data]# ll mysql-bin.*
-rw-r-----. mysql mysql 372 518 18:58 mysql-bin.000001
-rw-r-----. mysql mysql 154 518 18:58 mysql-bin.000002
-rw-r-----. mysql mysql  84 518 18:58 mysql-bin.index
[root@localhost data]# cat mysql-bin.index 
/opt/sudytech/mysql/data/mysql-bin.
/opt/sudytech/mysql/data/mysql-bin.

遇到以下3种情况时,MySQL会重新生成一个新的日志文件,文件序号递增

  • 1、MySQL服务器停止或重启时(其实重启时也是调用flush logs命令)
  • 2、使用 flush logs 命令;
  • 3、当 binlog 文件大小超过 max_binlog_size 变量的值时;

max_binlog_size 的最小值是4096字节,最大值和默认值是 1GB (1073741824字节)。事务被写入到binlog的一个块中,所以它不会在几个二进制日志之间被拆分。因此,如果你有很大的事务,为了保证事务的完整性,不可能做切换日志的动作,只能将该事务的日志都记录到当前日志文件中,直到事务结束,你可能会看到binlog文件大于 max_binlog_size 的情况。

查看mysql-bin.xxxxx信息,mysql-bin.xxxxx是以二进制形式存储,vim、cat查看是乱码,这时可以使用mysqlbinlog命令查看

[root@localhost data]# /opt/sudytech/mysql/bin/mysqlbinlog  -v --base-output=decode-rows  --start-datetime='2021-04-11 00:00:00' --stop-datetime='2021-05-19 15:00:00' /opt/sudytech/mysql/data/mysql-bin.000002
 base-output,可以控制输出语句输出base64编码的BINLOG语句;decode-rows:选项将把基于行的事件解码成一个SQL语句
..............
create database aaaaa
/*!*/;
# at
# 19:15:01 server id 1  end_log_pos 381 CRC32 0x6f4cdc6c  Anonymous_GTID  last_committed=1        sequence_number=2       .......
create database bbbb
.....

audit_log(mysql_audit.json)

开启audit_log需要安装审计插件,将audit-plugin-mysql-5.7-1.1.4-725-linux-x86_64.zip文件上传到/opt下解压,登录数据库查看插件存放位置

mysql> show global variables like 'plugin_dir';
+---------------+----------------------------------+
| Variable_name | Value                            |
+---------------+----------------------------------+
| plugin_dir    | /opt/sudytech/mysql//lib/plugin/ |
+---------------+----------------------------------+ row in set (0.02 sec)

将插件复制该路径下,并授权

[root@localhost mysql]# cp /opt/sudytech/audit-plugin-mysql-.7-1.1.4-725/lib/libaudit_plugin.so  /opt/sudytech/mysql//lib/plugin/
[root@localhost mysql]# chmod +x /opt/sudytech/mysql//lib/plugin/libaudit_plugin.so
[root@localhost mysql]# chown mysql:mysql /opt/sudytech/mysql//lib/plugin/libaudit_plugin.so

登录数据库进行安装

mysql> install plugin audit soname 'libaudit_plugin.so';
ERROR (HY000): Can't initialize function 'audit'; Plugin initialization function failed.

解决方法:

[root@localhost mysql]# /opt/sudytech/audit-plugin-mysql-.7-1.1.4-725/utils/offset-extract.sh /opt/sudytech/mysql/bin/mysqld
ERROR: gdb not found. Make sure gdb is installed and on the path.

[root@localhost mysql]# yum -y instal gdb

[root@localhost mysql]# /opt/sudytech/audit-plugin-mysql-.7-1.1.4-725/utils/offset-extract.sh /opt/sudytech/mysql/bin/mysqld
//offsets for: /opt/sudytech/mysql/bin/mysqld (.7.32)
{".7.32","30165bbd00a2077d2e4b1d3c6768c2f7", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080},

编辑my.cnf在[mysql]中添加,重启mysql

audit_json_file=on #保证mysql重启后自动启动插件
audit_record_cmds='insert,delete,update,create,drop,alter,grant,truncate,show'  #记录操作     
plugin-load=AUDIT=libaudit_plugin.so   #防止删除了插件,重启后又会加载
audit_json_log_file=/opt/sudytech/mysql/stat/logs/mysql_audit.json  #日志路径
audit_offsets=, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080

查看/opt/sudytech/mysql/stat/logs/目录下会产生mysql_audit.json日志

[root@localhost logs]# cat mysql_audit.json  
..........
{"msg-type":"activity","date":"","thread-id":"2","query-id":"6","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"linux-glibc2.12","_client_name":"libmysql","_pid":"8826","_client_version":"5.7.32","_platform":"x86_64","program_name":"mysql"},"pid":"8826","os_user":"root","appname":"/opt/sudytech/mysql/bin/mysql","cmd":"create_db","query":"create database  bbbbb"}
{"msg-type":"activity","date":"","thread-id":"2","query-id":"8","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"linux-glibc2.12","_client_name":"libmysql","_pid":"8826","_client_version":"5.7.32","_platform":"x86_64","program_name":"mysql"},"pid":"8826","os_user":"root","appname":"/opt/sudytech/mysql/bin/mysql","cmd":"drop_db","query":"drop database bbbbb"}

audit_log(server_audit.log)

server_audit.log支持热开启,热关闭。下载mariadb-5.5.68压缩包,解压获取mariadb-5.5.68-linux-x86_64/lib/plugin/server_audit.so(mysql8后不支持该插件)

MariaDB_5.x.x和MariaDB_10.x.x区别:

  • MariaDB_5.x.x:兼容MySQL5.x.x的,接口几乎一致,只限于社区版
  • MariaDB_10.x.x:10.x.x使用新技术,接口会与MySQL逐渐区别开来,向MariaDB新接口过渡

因为测试数据库版本为5.7.32,所以选择mariadb-5.5.68

登录数据库查看插件存放位置

mysql> show global variables like 'plugin_dir';
+---------------+----------------------------------+
| Variable_name | Value                            |
+---------------+----------------------------------+
| plugin_dir    | /opt/sudytech/mysql//lib/plugin/ |
+---------------+----------------------------------+ row in set (0.02 sec)

将插件复制该路径下,并授权

[root@localhost plugin]# cp /opt/sudytech/mariadb-.5.68-linux-x86_64/lib/plugin/server_audit.so  /opt/sudytech/mysql/lib/plugin/
[root@localhost plugin]# chmod +x /opt/sudytech/mysql/lib/plugin/server_audit.so

登录数据库进行安装

mysql> install plugin server_audit soname 'server_audit.so';
Query OK, rows affected (0.00 sec)

mysql> show plugins;
+----------------------------+----------+--------------------+-----------------+---------+
| Name                       | Status   | Type               | Library         | License |
+----------------------------+----------+--------------------+-----------------+---------+
| binlog                     | ACTIVE   | STORAGE ENGINE     | NULL            | GPL     |
.......
| SERVER_AUDIT               | ACTIVE   | AUDIT              | server_audit.so | GPL     |
+----------------------------+----------+--------------------+-----------------+---------+

开启server_audit.log,日志默认会在mysql/data目录下,可通过server_audit_file_path指定文件存放位置

mysql> show variables like '%server_audit_logging%'+----------------------+-------+
| Variable_name        | Value |
+----------------------+-------+
| server_audit_logging | OFF   |
+----------------------+-------+ row in set (0.00 sec)

mysql> set  global  server_audit_logging=on;
Query OK, rows affected (0.00 sec)

在my.cnf中[mysqld]添加配置

server_audit_logging = ON #开启日志记录,默认是关闭
server_audit = FORCE_PLUS_PERMANENT #防止插件被卸载
server_audit_file_path = /opt/sudytech/mysql/stat/logs/server_audit.log #定义审计日志路径与文件名
server_audit_file_rotations = #定义审计日志的轮询个数,0为不轮询,值为2会产生3个文件server_audit.log server_audit.log.1 server_audit.log.2
server_audit_file_rotate_size = #定义切割审计日志的文件大小1073741824=1GB,当server_audit_file_rotations为0时,设置该值无意义

在/opt/sudytech/mysql/stat/logs目录下就会产生server_audit.log日志

[root@localhost logs]# tail -f server_audit.log 10:05:00,localhost.localdomain,root,localhost,2,27,QUERY,,'show variables like \'server_audit_file_rotations\'',0
 10:05:01,localhost.localdomain,root,localhost,2,28,QUERY,,'show variables like \'server_audit_file_rotations\'',0
 10:05:01,localhost.localdomain,root,localhost,2,29,QUERY,,'show variables like \'server_audit_file_rotations\'',0
 10:05:01,localhost.localdomain,root,localhost,2,30,QUERY,,'show variables like \'server_audit_file_rotations\'',0
 10:05:02,localhost.localdomain,root,localhost,2,31,QUERY,,'show variables like \'server_audit_file_rotations\'',0
 10:35:02,localhost.localdomain,root,localhost,2,0,DISCONNECT,,,0

server_audit.log参数说明:

  • server_audit_output_type 指定日志输出类型,可为SYSLOG或FILE,为SYSLOG时,记录在/var/log/message中
  • server_audit_logging 启动或关闭审计
  • server_audit_events 指定记录事件的类型,可以用逗号分隔的多个值(connect,query,table),如果开启了查询缓存(query cache),查询直接从查询缓存返回数据,将没有table记录
  • server_audit_file_path 如server_audit_output_type为FILE,使用该变量设置存储日志的文件,可以指定目录,默认存放在mysql/data目录的server_audit.log文件中
  • server_audit_file_rotations 指定日志文件的数量,如果为0日志将从不轮转
  • server_audit_file_rotate_size 限制日志文件的大小,当server_audit_file_rotations为0时,该值无意义
  • server_audit_file_rotate_now 是否立即切割日志,当server_audit_file_rotations为0时,该值无意义
  • server_audit_incl_users 指定哪些用户的活动将记录,connect将不受此变量影响,该变量比server_audit_excl_users优先级高
  • server_audit_syslog_facility 默认为LOG_USER,指定facility
  • server_audit_syslog_ident 设置ident,作为每个syslog记录的一部分
  • server_audit_syslog_info 指定的info字符串将添加到syslog记录
  • server_audit_syslog_priority 定义记录日志的syslogd priority
  • server_audit_excl_users 该列表的用户行为将不记录,connect将不受该设置影响