download
My MySQL version is 5.7.37, and the log audit plug-in (audit-plugin) I use is 1.1.10. You can download it according to your own version.
https://github.com/trellix-enterprise/mysql-audit/releases
Configuration
1. Go to the /opt directory to download audit. You can download it locally and upload it to your Linux system.
cd /opt
wget --no-check-certificate https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.10/audit-plugin-mysql-5.7-1.1.10-980-linux-x86_64.zip
2. Decompress
unzip audit-plugin-mysql-5.7-1.1.10-980-linux-x86_64.zip
3. Find your MySQL installation plug-in directory
show global variables like 'plugin_dir';
4. Copy and install the relevant plug-in packages and execute the following commands
cp audit-plugin-mysql-5.7-1.1.10-980/lib/libaudit_plugin.so /usr/lib64/mysql/plugin/
chmod +x /usr/lib64/mysql/plugin/libaudit_plugin.so
chown mysql:mysql /usr/lib64/mysql/plugin/libaudit_plugin.so
5. Log in to your MySQL and install the audit plug-in
install plugin audit soname 'libaudit_plugin.so';
If an error occurs, please look at the pitfalls!
6. Check configuration
show plugins;
7. Check version
show global status like 'AUDIT_version';
8. Turn on the temporary log audit function and other settings (for permanent settings, please see the pit configuration)
Turn on the audit function
SET GLOBAL audit_json_file=ON;
View the audit configuration, including the audit_json.txt storage path
show variables like '%audit%'\G;
Permanent configuration
If you get an error in step 5 of the configuration:
ERROR 1123 (HY000): Can't initialize function 'audit'; Plugin initialization function failed.
You can see this configuration
1. Find mysqld
whereis mysqld
2. Generate coordinates and copy them. There is no need to copy the first two fields!
./audit-plugin-mysql-5.7-1.1.10-980/utils/offset-extract.sh /usr/sbin/mysqld
3. Find the MySQL configuration file
whereis my.cnf
4. Modify the SQL configuration file and add the following configuration
# 审计offsets 不要乱配置
audit_offsets=7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
# 审计操作命令
audit_record_cmds='select,insert,delete,update,create,drop,alter,grant,truncate'
# 审计开关
audit_json_file=on
# 加载审计第三方库
plugin-load=AUDIT=libaudit_plugin.so
# 审计日志路径
audit_json_log_file=/var/log/mysql_audit.json
5. Save and restart MySQL.
systemctl mysql restart
6. Enter MySQL again to install the audit plug-in
install plugin audit soname 'libaudit_plugin.so';
If you still get an error! If there is still ERROR 1123 (HY000): Can't initialize function 'audit'; Plugin initialization function failed.this error, then look at the pit below!
pit
The Internet is full of shit!
Rubbish csdn, the same posts appear over and over again, copied from the past, without any brains at all!
Later, I went to GitHub and found a solution to the problem. The solution is very simple, just close the current Linux system selinux.
I found the solution from the foreigner's answer to the question on github: https://github.com/trellix-enterprise/mysql-audit/issues/157
1. Check whether it is enabled
sestatus
2. Temporarily shut down and restart the system, this setting will disappear.
echo 0 > /selinux/enforce
or
setenforce 0
3. Permanently shut down and will not fail after restarting.
cat /etc/selinux/config
Next, modify the selinux option in the configuration file to disabled.
Save and check the status again after restarting
Article reference: https://baijiahao.baidu.com/s?id=1730368050174256968&wfr=spider&for=pc