利用开源审计插件对mysql进行审计

转载：https://cloud.tencent.com/developer/article/1796107 

但是拥有数据库操作权限的人很多，如何排查，证据又在哪？是不是觉得无能为力？mysql本身并没有操作审计的功能，那是不是意味着遇到这种情况只能自认倒霉呢？现在企业级的审计系统非常的多，但都是要monery

本文就将讨论一种简单易行的，用于mysql访问审计的思路。

1、MySQL Enterprise Audit Plugin – This plugin is not open source and is only available with MySQL Enterprise, which has a significant cost attached to it. It is the most stable and robust. 备注：MySQL企业版本才能使用这个audit插件哦，MySQL社区版慢慢等着吧 2、Percona Audit Log Plugin – Percona provides an open source auditing solution that installs with Percona Server 5.5.37+ and 5.6.17+. This plugin has quite a few output features as it outputs XML, JSON and to syslog. Percona’s implementation is the first to be a drop-in replacement for MySQL Enterprise Audit Plugin. As it has some internal hooks to the server to be feature-compatible with Oracle’s plugin, it is not available as a standalone for other versions of MySQL. This plugin is actively maintained by Percona. 备注：Percon说了，这个插件只能给Percona_sever使用，其他人不能用 3、McAfee MySQL Audit Plugin – Around the longest and has been used widely. It is open source and robust, while not using the official auditing API. It isn’t updated as often as one may like. There hasn’t been any new features in some time. It was recently updated to support MySQL 5.7 备注：发现该插件貌似不支持审计日志自动切割，感觉这个查看起来不是特别的方便

下载地址：https://bintray.com/mcafee/mysql-audit-plugin/release#files

1、解压

[root@VM_35_215_centos wjq-software]# unzip audit-plugin-mysql-5.7-1.1.6-784-linux-x86_64.zip [root@VM_35_215_centos wjq-software]# cd audit-plugin-mysql-5.7-1.1.6-784/lib