Here is a step-by-step guide to implementing the MariaDB Audit Plugin in CentOS:
- Install the Audit Plugin
sudo yum install -y MariaDB-audit
This will install the Audit Plugin and any required dependencies.
- Enable the Audit Plugin:
sudo nano /etc/my.cnf.d/server.cnf
Add the following lines to the end of the file:
[mysqld]
plugin_load_add = audit_log.so
audit_log_format = JSON
audit_log_rotate_on_size = 10M
audit_log_rotate_on_time = D1
This will enable the Audit Plugin and configure it to write audit logs in JSON format. It will also rotate logs on a daily basis and when the log file size exceeds 10 megabytes.
- Restart the MariaDB server:
sudo systemctl restart mariadb
This will restart the MariaDB server and apply the changes.
- Verify that the Audit Plugin is working:
sudo mysql -u root -p
Enter the root password when prompted. Once you are connected to the MySQL prompt, execute some SQL statements, such as creating a new table or inserting some data. Then, check the audit log to verify that the statements were recorded:
sudo tail -f /var/log/mysql/audit.log
This will display the last few lines of the audit log in real-time. If the Audit Plugin is working correctly, you should see entries for the SQL statements you executed.
- Fine-tune the Audit Plugin configuration:
You can fine-tune the Audit Plugin configuration by adding or changing options in the server.cnf file. For example, you can configure the Audit Plugin to only record certain types of statements, such as INSERT or SELECT statements. You can also configure the Audit Plugin to record only statements executed by certain users or from certain IP addresses.
- Analyze the Audit Logs:
Once the Audit Plugin is up and running, you can use a log analysis tool to parse and analyze the logs. There are several log analysis tools available for MariaDB, including the MariaDB Audit Log Analyzer (MAK) and the MariaDB MaxScale Audit Log Analyzer.