Backport of Percona Audit Plugin

on
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn

Since yesterday, the new Percona Server (5.5.37-35.0) includes an audit plugin.

This is the announcement on mysqlperformance blog.

I needed to have this feature for a customer running an older version of Percona Server (5.5.33-31.1), so I back ported the plugin (revision 654) removing some extra info that is not available on previous version of Percona Server.

The information above in struct mysql_event_general (include/mysql/plugin_audit.h) were not yet present:


MYSQL_LEX_STRING general_host;
MYSQL_LEX_STRING general_sql_command;
MYSQL_LEX_STRING general_external_user;
MYSQL_LEX_STRING general_ip;

Additionally, as I needed to parse the audit log quickly, I added a new format (CSV) to replace both implementation of XML output (OLD & NEW).

This is an example of the new output:

AUDIT_RECORD - Audit::35531_2014-05-07T06:15:32::2014-05-07T06:15:36 UTC::5.5.33-31.1::--basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/var/lib/mysql/percona1.err --pid-file=/var/lib/mysql/percona1.pid::x86_64-Linux
AUDIT_RECORD - Connect,35532_2014-05-07T06:15:32,2014-05-07T06:16:04 UTC,1,0,root,root,,,localhost,
AUDIT_RECORD - Query::35533_2014-05-07T06:15:32::2014-05-07T06:16:04 UTC::1::0::select @@version_comment limit 1::root[root] @ localhost []
AUDIT_RECORD - Query::35534_2014-05-07T06:15:32::2014-05-07T06:16:20 UTC::1::0::SELECT DATABASE()::root[root] @ localhost []
AUDIT_RECORD - Init DB::35535_2014-05-07T06:15:32::2014-05-07T06:16:20 UTC::1::0::(null)::root[root] @ localhost []
AUDIT_RECORD - Query::35536_2014-05-07T06:15:32::2014-05-07T06:16:20 UTC::1::0::show databases::root[root] @ localhost []
AUDIT_RECORD - Query::35537_2014-05-07T06:15:32::2014-05-07T06:16:20 UTC::1::0::show tables::root[root] @ localhost []
AUDIT_RECORD - Field List::35538_2014-05-07T06:15:32::2014-05-07T06:16:20 UTC::1::0::::root[root] @ localhost []
AUDIT_RECORD - Field List::35539_2014-05-07T06:15:32::2014-05-07T06:16:20 UTC::1::0::::root[root] @ localhost []
AUDIT_RECORD - Query::35540_2014-05-07T06:15:32::2014-05-07T06:16:23 UTC::1::0::show databases::root[root] @ localhost []
AUDIT_RECORD - Query::35541_2014-05-07T06:15:32::2014-05-07T06:16:27 UTC::1::0::SELECT DATABASE()::root[root] @ localhost []
AUDIT_RECORD - Init DB::35542_2014-05-07T06:15:32::2014-05-07T06:16:27 UTC::1::0::(null)::root[root] @ localhost []
AUDIT_RECORD - Query::35543_2014-05-07T06:15:32::2014-05-07T06:16:29 UTC::1::0::show tables::root[root] @ localhost []
AUDIT_RECORD - Query::35544_2014-05-07T06:15:32::2014-05-07T06:16:34 UTC::1::0::select * from t::root[root] @ localhost []

The patch is available below and the compiled plugin for Centos 6 x86_64 for Percona Server 5.5.33-rel31.

Update: I’ve now added the code in launchpad and changed the default audit format to CVS, so the first time the plugin is loaded, CVS is used and no need to restart mysqld to enable CVS.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

recent

Last Tweets Last Tweets

Locations of visitors to this page
categories