To be absolutely clear this plugin is alternative to the MySQL Enterprise Audit Plugin made by Percona.
This plugin is a part of Percona 5.6 version, so you can download the latest 5.6 version from http://www.percona.com ind extract .so file from there. After that you need to find your plugin folder:
mysql> show global variables like '%plugin%'; +---------------+--------------------------+ | Variable_name | Value | +---------------+--------------------------+ | plugin_dir | /usr/lib64/mysql/plugin/ | +---------------+--------------------------+ 1 row in set (0.00 sec)
and copy the audit_log.so there. To instal the plugin:
mysql> INSTALL PLUGIN audit_log SONAME 'audit_log.so'; Query OK, 0 rows affected (0.00 sec)
Now, options we can tweak here or at least most important of them:
- audit_log_buffer_size; this buffer is used to cache the queries (for asynchronous operation).
- audit_log_policy; we can log all queries or MySQL logins only (very useful if we only need to audit MySQL connections)
- audit_log_format Permitted values are
OLD,NEW, CSV and JSON(defaultOLD), more info here - audit_log_strategy; All options are listed in the documentation page:
Dynamic Variable No Permitted Values Type enumerationDefault ASYNCHRONOUSValid Values ASYNCHRONOUSPERFORMANCESEMISYNCHRONOUSSYNCHRONOUS
MySQL utilities provide a useful tool, mysqlauditgrep, to search and/or grep the logs file but you need to comment out rows 171 and 172 in file /usr/lib/python2.7/site-packages/mysql/utilities/common/audit_log_parser.py
# if self.header_rows: # record['SERVER_ID'] = self.header_rows[0]['SERVER_ID']
to make it works. Also you need to remove the first empty row in audit.log file.
Server version: 5.6.24 Source distribution
mysql> INSTALL PLUGIN audit_log SONAME ‘audit_log.so’;
ERROR 1126 (HY000): Can’t open shared library ‘/mysql-5.6.24/lib/plugin/audit_log.so’ (errno: 2 /mysql-5.6.24/lib/plugin/audit_log.so: undefined symbol: my_pthread_fastmutex_lock)
Percona5.6.24 audit_log.so