Rechercher dans le manuel MySQL

6.4.5.2 Installing or Uninstalling MySQL Enterprise Audit

This section describes how to install or uninstall MySQL Enterprise Audit, which is implemented using the audit log plugin and related components described in Section 6.4.5.1, “Audit Log Components”. For general information about installing plugins, see Section 5.6.1, “Installing and Uninstalling Plugins”.

Important

Read this entire section before following its instructions. Parts of the procedure differ depending on your environment.

Note

If installed, the audit_log plugin involves some minimal overhead even when disabled. To avoid this overhead, do not install MySQL Enterprise Audit unless you plan to use it.

To be usable by the server, the plugin library file must be located in the MySQL plugin directory (the directory named by the plugin_dir system variable). If necessary, configure the plugin directory location by setting the value of plugin_dir at server startup.

To install MySQL Enterprise Audit, look in the share directory of your MySQL installation and choose the script that is appropriate for your platform. The available scripts differ in the suffix used to refer to the plugin library file:

  • audit_log_filter_win_install.sql: Choose this script for Windows systems that use .dll as the file name suffix.

  • audit_log_filter_linux_install.sql: Choose this script for Linux and similar systems that use .so as the file name suffix.

Run the script as follows. The example here uses the Linux installation script. Make the appropriate substitution for your system.

shell> mysql -u root -p < audit_log_filter_linux_install.sql
Enter password: (enter root password here)
Note

Some MySQL versions have introduced changes to the structure of the MySQL Enterprise Audit tables. To ensure that your tables are up to date for upgrades from earlier versions of MySQL 8.0, perform the MySQL upgrade procedure, making sure to use the option that forces an update (see Section 2.11, “Upgrading MySQL”). If you prefer to run the update statements only for the MySQL Enterprise Audit tables, see the following discussion.

As of MySQL 8.0.12, for new MySQL installations, the USER and HOST columns in the audit_log_user table used by MySQL Enterprise Audit have definitions that better correspond to the definitions of the User and Host columns in the mysql.user system table. For upgrades to an installation for which MySQL Enterprise Audit is already installed, it is recommended that you alter the table definitions as follows:

  1. ALTER TABLE mysql.audit_log_user
  2.   DROP FOREIGN KEY audit_log_user_ibfk_1;
  3. ALTER TABLE mysql.audit_log_filter
  4.   CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_as_ci;
  5. ALTER TABLE mysql.audit_log_user
  6.   CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_as_ci;
  7. ALTER TABLE mysql.audit_log_user
  8. ALTER TABLE mysql.audit_log_user
  9.   ADD FOREIGN KEY (FILTERNAME) REFERENCES mysql.audit_log_filter(NAME);
Note

To use MySQL Enterprise Audit in the context of master/slave replication, Group Replication, or InnoDB cluster, you must prepare the slave or secondary nodes prior to running the installation script on the master or primary node. This is necessary because the INSTALL PLUGIN statement in the script is not replicated.

  1. On each slave or secondary node, extract the INSTALL PLUGIN statement from the installation script and execute it manually.

  2. On the master or primary node, run the installation script as described previously.

To verify plugin installation, examine the INFORMATION_SCHEMA.PLUGINS table or use the SHOW PLUGINS statement (see Section 5.6.2, “Obtaining Server Plugin Information”). For example:

  1. mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
  2.        FROM INFORMATION_SCHEMA.PLUGINS
  3.        WHERE PLUGIN_NAME LIKE 'audit%';
  4. +-------------+---------------+
  5. | PLUGIN_NAME | PLUGIN_STATUS |
  6. +-------------+---------------+
  7. | audit_log   | ACTIVE        |
  8. +-------------+---------------+

If the plugin fails to initialize, check the server error log for diagnostic messages.

After MySQL Enterprise Audit is installed, you can use the --audit-log option for subsequent server startups to control audit_log plugin activation. For example, to prevent the plugin from being removed at runtime, use this option:

[mysqld]
audit-log=FORCE_PLUS_PERMANENT

If it is desired to prevent the server from running without the audit plugin, use --audit-log with a value of FORCE or FORCE_PLUS_PERMANENT to force server startup to fail if the plugin does not initialize successfully.

Important

By default, rule-based audit log filtering logs no auditable events for any users. This differs from legacy audit log behavior, which logs all auditable events for all users (see Section 6.4.5.8, “Legacy Mode Audit Log Filtering”). Should you wish to produce log-everything behavior with rule-based filtering, create a simple filter to enable logging and assign it to the default account:

  1. SELECT audit_log_filter_set_filter('log_all', '{ "filter": { "log": true } }');
  2. SELECT audit_log_filter_set_user('%', 'log_all');

The filter assigned to % is used for connections from any account that has no explicitly assigned filter (which initially is true for all accounts).

Once installed as just described, MySQL Enterprise Audit remains installed until uninstalled. To remove it, execute the following statements:

  1. DROP TABLE IF EXISTS mysql.audit_log_user;
  2. DROP TABLE IF EXISTS mysql.audit_log_filter;
  3. UNINSTALL PLUGIN audit_log;
  4. DROP FUNCTION audit_log_filter_set_filter;
  5. DROP FUNCTION audit_log_filter_remove_filter;
  6. DROP FUNCTION audit_log_filter_set_user;
  7. DROP FUNCTION audit_log_filter_remove_user;
  8. DROP FUNCTION audit_log_filter_flush;
  9. DROP FUNCTION audit_log_encryption_password_get;
  10. DROP FUNCTION audit_log_encryption_password_set;
  11. DROP FUNCTION audit_log_read;
  12. DROP FUNCTION audit_log_read_bookmark;

Zoek in de MySQL-handleiding

Nederlandse vertaling

U hebt gevraagd om deze site in het Nederlands te bezoeken. Voor nu wordt alleen de interface vertaald, maar nog niet alle inhoud.

Als je me wilt helpen met vertalingen, is je bijdrage welkom. Het enige dat u hoeft te doen, is u op de site registreren en mij een bericht sturen waarin u wordt gevraagd om u toe te voegen aan de groep vertalers, zodat u de gewenste pagina's kunt vertalen. Een link onderaan elke vertaalde pagina geeft aan dat u de vertaler bent en heeft een link naar uw profiel.

Bij voorbaat dank.

Document heeft de 26/06/2006 gemaakt, de laatste keer de 26/10/2018 gewijzigd
Bron van het afgedrukte document:https://www.gaudry.be/nl/mysql-rf-audit-log-installation.html

De infobrol is een persoonlijke site waarvan de inhoud uitsluitend mijn verantwoordelijkheid is. De tekst is beschikbaar onder CreativeCommons-licentie (BY-NC-SA). Meer info op de gebruiksvoorwaarden en de auteur.

Referenties

  1. Bekijk - html-document Taal van het document:en Manuel MySQL : https://dev.mysql.com/

Deze verwijzingen en links verwijzen naar documenten die geraadpleegd zijn tijdens het schrijven van deze pagina, of die aanvullende informatie kunnen geven, maar de auteurs van deze bronnen kunnen niet verantwoordelijk worden gehouden voor de inhoud van deze pagina.
De auteur Deze site is als enige verantwoordelijk voor de manier waarop de verschillende concepten, en de vrijheden die met de referentiewerken worden genomen, hier worden gepresenteerd. Vergeet niet dat u meerdere broninformatie moet doorgeven om het risico op fouten te verkleinen.

Inhoudsopgave Haut