How to filter the MySQL audit log by user account
My problem is that I even disabled the root user from the audit log, but logging is still happening for those users. Could anyone please help? Here is what I did, step by step.
[Step-1] Check the audit log variables
mysql> SHOW VARIABLES LIKE 'audit_log%';
+-----------------------------+--------------+
| Variable_name | Value |
+-----------------------------+--------------+
| audit_log_buffer_size | 1048576 |
| audit_log_connection_policy | ALL |
| audit_log_current_session | ON |
| audit_log_exclude_accounts | |
| audit_log_file | audit.log |
| audit_log_flush | OFF |
| audit_log_format | OLD |
| audit_log_include_accounts | |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_statement_policy | ALL |
| audit_log_strategy | ASYNCHRONOUS |
+-----------------------------+--------------+
12 rows in set (0.00 sec)
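[Step-2]
The statements below disable audit logging for the root account
-- audit_log_include_accounts to NULL
SET GLOBAL audit_log_include_accounts = NULL;
SET GLOBAL audit_log_exclude_accounts = 'root@%';
Note: I used root@% instead of root@localhost because this database server can be accessed from other IP addresses
[Step-3] From a remote PC, I ran the select statement select * from SSVR_AUDIT_LOG
[Step-4] I checked the audit log on the DB server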
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:49:11 UTC" RECORD_ID="593_2016-04-22T01:28:17" NAME="Query" CONNECTION_ID="6" STATUS="0" STATUS_CODE="0" USER="root[root] @ [162.16.22.48]" OS_LOGIN="" HOST="" IP="162.16.22.48" COMMAND_CLASS="show_create_table" SQLTEXT="SHOW CREATE TABLE `SSVR_AUDIT_LOG`"/>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:49:12 UTC" RECORD_ID="594_2016-04-22T01:28:17" NAME="Query" CONNECTION_ID="7" STATUS="0" STATUS_CODE="0" USER="root[root] @ [162.16.22.48]" OS_LOGIN="" HOST="" IP="162.16.22.48" COMMAND_CLASS="select" SQLTEXT="SELECT * FROM `SSVR_AUDIT_LOG` LIMIT 0, 1000"/>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:49:12 UTC" RECORD_ID="595_2016-04-22T01:28:17" NAME="Query" CONNECTION_ID="7" STATUS="0" STATUS_CODE="0" USER="root[root] @ [162.16.22.48]" OS_LOGIN="" HOST="" IP="162.16.22.48" COMMAND_CLASS="show_fields" SQLTEXT="SHOW COLUMNS FROM `tldssvr`.`SSVR_AUDIT_LOG`"/>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:49:13 UTC" RECORD_ID="596_2016-04-22T01:28:17" NAME="Quit" CONNECTION_ID="7" STATUS="0" STATUS_CODE="0" USER="root" OS_LOGIN="" HOST="" IP="162.16.22.48" COMMAND_CLASS="connect"/>
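The check in Step 4 can be done mechanically. The following is an added example, not part of the original post: it parses OLD-format `AUDIT_RECORD` lines and counts which user and client address still produced records after the time the exclusion was set. The sample records, the 192.0.2.x addresses, the `app` user and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime

# Constructed sample in the OLD (XML attribute) format shown above; not real log data.
SAMPLE_LOG = """<AUDIT>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:40:00 UTC" RECORD_ID="1_2016-04-22T01:28:17" NAME="Query" CONNECTION_ID="5" STATUS="0" STATUS_CODE="0" USER="root[root] @ [192.0.2.10]" OS_LOGIN="" HOST="" IP="192.0.2.10" COMMAND_CLASS="set_option" SQLTEXT="SET GLOBAL audit_log_include_accounts = NULL"/>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:49:12 UTC" RECORD_ID="2_2016-04-22T01:28:17" NAME="Query" CONNECTION_ID="7" STATUS="0" STATUS_CODE="0" USER="root[root] @ [192.0.2.10]" OS_LOGIN="" HOST="" IP="192.0.2.10" COMMAND_CLASS="select" SQLTEXT="SELECT * FROM SSVR_AUDIT_LOG LIMIT 0, 1000"/>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:49:13 UTC" RECORD_ID="3_2016-04-22T01:28:17" NAME="Quit" CONNECTION_ID="7" STATUS="0" STATUS_CODE="0" USER="root" OS_LOGIN="" HOST="" IP="192.0.2.10" COMMAND_CLASS="connect"/>
<AUDIT_RECORD TIMESTAMP="2016-04-22T03:50:00 UTC" RECORD_ID="4_2016-04-22T01:28:17" NAME="Query" CONNECTION_ID="8" STATUS="0" STATUS_CODE="0" USER="app[app] @ [192.0.2.20]" OS_LOGIN="" HOST="" IP="192.0.2.20" COMMAND_CLASS="select" SQLTEXT="SELECT 1"/>
"""

# Records are matched one by one because a log file that is still being
# written has no closing </AUDIT> tag and cannot be parsed as a whole document.
# Assumption: '>' inside attribute values is written escaped (&gt;).
RECORD_RE = re.compile(r"<AUDIT_RECORD\b[^>]*/>")


def parse_records(log_text):
    """Yield the attributes of each AUDIT_RECORD element as a dict."""
    for match in RECORD_RE.finditer(log_text):
        yield ET.fromstring(match.group(0)).attrib


def account_of(rec):
    """Return (user, origin): the name before '[' in USER, and HOST or else IP."""
    user = re.split(r"[\[\s]", rec.get("USER", ""), maxsplit=1)[0]
    return user, rec.get("HOST") or rec.get("IP", "")


def logged_after(log_text, changed_at):
    """Count records per (user, origin) whose TIMESTAMP is later than changed_at."""
    counts = Counter()
    for rec in parse_records(log_text):
        ts = datetime.strptime(rec["TIMESTAMP"], "%Y-%m-%dT%H:%M:%S UTC")
        if ts > changed_at:
            counts[account_of(rec)] += 1
    return counts


if __name__ == "__main__":
    # changed_at: when audit_log_exclude_accounts was set (constructed value).
    for (user, origin), n in logged_after(SAMPLE_LOG, datetime(2016, 4, 22, 3, 45)).items():
        print(f"{user}@{origin}: {n} record(s) logged after the change")
```

Any account that was meant to be excluded and still appears in this output shows the exact user and address the server recorded, which can be compared against the value of `audit_log_exclude_accounts`.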
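I got the answer to my problem. This is the correct answer. When you face a problem like this, you can follow the steps below.
Filter the audit log by account
List all 'audit_log' configuration items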
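> mysql -u root -p
> SHOW VARIABLES LIKE 'audit_log%';
+-----------------------------+--------------+
| Variable_name | Value |
+-----------------------------+--------------+
| audit_log_buffer_size | 1048576 |
| audit_log_connection_policy | ALL |
| audit_log_current_session | OFF |
| audit_log_exclude_accounts | |
| audit_log_file | audit.log |
| audit_log_flush | |
| audit_log_format | OLD |
| audit_log_include_accounts | |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_statement_policy | ALL |
| audit_log_strategy | ASYNCHRONOUS |
+-----------------------------+--------------+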