Detailed introduction to the testing of MySQL audit plug-in (mcafee and mariadb versions)-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

Detailed introduction to the testing of MySQL audit plug-in (mcafee and mariadb versions)

黄舟

Mar 06, 2017 am 11:40 AM

Test server configuration: Dell R730; 24 cores; 64G memory; ssd disk.

Centos version: 6.4; MySQL version: Community 5.6.12; Test database size: 24G.

sysbench parameters: 64 threads, 10 tables, each table is pre-initialized with 10 million data, read and write mixed OLTP mode. Running on the same machine as mysql.

Test duration: 5 minutes/scenario.

The plug-in is not installed

OLTP test statistics:
queries performed:
read: 15377012
write: 4393432
other: 2196716
total: 21967160
transactions: 1098358 (3661.01 per sec.)
read/write requests: 19770444 (65898.21 per sec.)
other operations: 2196716 (7322.02 per sec.)
ignored errors: 0 (0.00 per sec.)
reconnects: 0 (0.00 per sec.)

Mcafee plug-in official website address: https://github.com/mcafee/mysql-audit/wiki

Use version: v1.0.9

Installation

INSTALL PLUGIN AUDIT SONAME &#39;libaudit_plugin.so&#39;;

Enable

set global audit_json_file=1;

Disable

set global audit_json_file=0;

Restart mysql

The plug-in will not be uninstalled and logging will not be enabled.

Uninstall

Directly execute UNINSTALL PLUGIN AUDIT; uninstallation will report an error: Uninstall AUDIT plugin disabled.

At the same time, it was found that Variable 'audit_uninstall_plugin' is a read only variable

You need to add audit_uninstall_plugin=1 to my.cnf and restart mysql.

After restarting, execute UNINSTALL PLUGIN AUDIT twice; to uninstall.

After the uninstallation is completed, audit_uninstall_plugin=1 needs to be deleted from my.cnf, otherwise an error will be reported next time mysql is started: [ERROR] /data/mysql/bin/mysqld: unknown variable 'audit_uninstall_plugin=1'

Log format: json

{"msg-type":"activity","date":"1484795122970","thread-id":"557","query-id":"61687115","user":"root","priv_user":"root","ip":"127.0.0.1","cmd":"select",
"objects":[{"db":"sysbench_test","name":"sbtest7","obj_type":"TABLE"}],"query":"SELECT c FROM sbtest7 WHERE id=5015211"}

Only logs of successful operations will be recorded

OLTP test statistics:
queries performed:
read: 8376872
write: 2393392
other: 1196696
total: 11966960
transactions: 598348 (1994.38 per sec.)
read/write requests: 10770264 (35898.81 per sec.)
other operations: 1196696 (3988.76 per sec.)
ignored errors: 0 (0.00 per sec.)
reconnects: 0 (0.00 per sec.)

Mariadb plug-in official website address: https://mariadb .com/kb/en/mariadb/about-the-

Using version: 1.1.7

Install

INSTALL PLUGIN server_audit SONAME &#39;server_audit.so&#39;;

Enable

set global server_audit_logging=1;
set global server_audit_file_rotate_size=1073741824; set global server_audit_file_rotations=4;

Disable

set global server_audit_logging=0;

Restart mysql

The plug-in will not be uninstalled and logging will not be enabled. However, all parameters will be reset, and you need to perform the required parameter configuration when you enable it again.

Uninstall

UNINSTALL PLUGIN server_audit;

Uninstalling the plug-in does not require restarting mysql.

Log format: fixed format text

20170119 10:39:19,localhost.localdomain,root,127.0.0.1,375,8330400,QUERY,sysbench_test,&#39;SELECT c FROM sbtest5 WHERE id=5037936&#39;,0

All operations will be recorded. SQL injection can be logged.

OLTP test statistics:
queries performed:
read: 9098362
write: 2599532
other: 1299766
total: 12997660
transactions: 649883 (2166.16 per sec.)
read/write requests: 11697894 (38990.84 per sec.)
other operations: 1299766 (4332.32 per sec.)
ignored errors: 0 (0.00 per sec.)
reconnects: 0 (0.00 per sec.)

Summary:

mcafee’s audit plug-in:

Performance dropped by about 46%, generating log 3.0 G

Uninstalling the plug-in requires restarting mysql. The plug-in does not automatically scroll, and additional cleaning tasks need to be deployed. There is a risk of insufficient disk space due to failure of the cleaning task. It is difficult to coordinate the analysis and cleaning tasks of pulling logs to other servers, and the cleaning tasks will have a certain degree of coupling.

Mariadb audit plug-in:

The performance dropped by about 41%, generating 1864M logs.

The performance is slightly better than mcafee's plug-in. Audit logs have automatic scrolling. Easy to uninstall. In terms of compatibility, the version test of 5.6.12 is not suitable for versions 1.1.7 and above. If used, the MySQL daemon will restart mysql indefinitely. Officially, versions 1.2.0 and above must be used in MySQL 5.6.17 and above, and must be tested before use. .

Percona’s audit plug-in:

It is not adapted to versions earlier than 5.6.17 and has not been tested yet.

The above is the detailed introduction of the MySQL audit plug-in test (mcafee and mariadb versions). For more related content, please pay attention to the PHP Chinese website (m.sbmmt.com)!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

MySQL's Role: Databases in Web ApplicationsApr 17, 2025 am 12:23 AM

The main role of MySQL in web applications is to store and manage data. 1.MySQL efficiently processes user information, product catalogs, transaction records and other data. 2. Through SQL query, developers can extract information from the database to generate dynamic content. 3.MySQL works based on the client-server model to ensure acceptable query speed.

MySQL: Building Your First DatabaseApr 17, 2025 am 12:22 AM

The steps to build a MySQL database include: 1. Create a database and table, 2. Insert data, and 3. Conduct queries. First, use the CREATEDATABASE and CREATETABLE statements to create the database and table, then use the INSERTINTO statement to insert the data, and finally use the SELECT statement to query the data.

MySQL: A Beginner-Friendly Approach to Data StorageApr 17, 2025 am 12:21 AM

MySQL is suitable for beginners because it is easy to use and powerful. 1.MySQL is a relational database, and uses SQL for CRUD operations. 2. It is simple to install and requires the root user password to be configured. 3. Use INSERT, UPDATE, DELETE, and SELECT to perform data operations. 4. ORDERBY, WHERE and JOIN can be used for complex queries. 5. Debugging requires checking the syntax and use EXPLAIN to analyze the query. 6. Optimization suggestions include using indexes, choosing the right data type and good programming habits.

Is MySQL Beginner-Friendly? Assessing the Learning CurveApr 17, 2025 am 12:19 AM

MySQL is suitable for beginners because: 1) easy to install and configure, 2) rich learning resources, 3) intuitive SQL syntax, 4) powerful tool support. Nevertheless, beginners need to overcome challenges such as database design, query optimization, security management, and data backup.

Is SQL a Programming Language? Clarifying the TerminologyApr 17, 2025 am 12:17 AM

Yes,SQLisaprogramminglanguagespecializedfordatamanagement.1)It'sdeclarative,focusingonwhattoachieveratherthanhow.2)SQLisessentialforquerying,inserting,updating,anddeletingdatainrelationaldatabases.3)Whileuser-friendly,itrequiresoptimizationtoavoidper

Explain the ACID properties (Atomicity, Consistency, Isolation, Durability).Apr 16, 2025 am 12:20 AM

ACID attributes include atomicity, consistency, isolation and durability, and are the cornerstone of database design. 1. Atomicity ensures that the transaction is either completely successful or completely failed. 2. Consistency ensures that the database remains consistent before and after a transaction. 3. Isolation ensures that transactions do not interfere with each other. 4. Persistence ensures that data is permanently saved after transaction submission.

MySQL: Database Management System vs. Programming LanguageApr 16, 2025 am 12:19 AM

MySQL is not only a database management system (DBMS) but also closely related to programming languages. 1) As a DBMS, MySQL is used to store, organize and retrieve data, and optimizing indexes can improve query performance. 2) Combining SQL with programming languages, embedded in Python, using ORM tools such as SQLAlchemy can simplify operations. 3) Performance optimization includes indexing, querying, caching, library and table division and transaction management.

MySQL: Managing Data with SQL CommandsApr 16, 2025 am 12:19 AM

MySQL uses SQL commands to manage data. 1. Basic commands include SELECT, INSERT, UPDATE and DELETE. 2. Advanced usage involves JOIN, subquery and aggregate functions. 3. Common errors include syntax, logic and performance issues. 4. Optimization tips include using indexes, avoiding SELECT* and using LIMIT.

See all articles