search

trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.
Other
239 stars 57 forks source link

Plugin 'AUDIT' does not support MySQL 8.0.26 #247

Open 437024677 opened 2 years ago

437024677 commented 2 years ago

environment: CentOS Linux release 7.5.1804 (Core) CentOS Linux release 8以上 Server version: 8.0.26 MySQL Community Server - GPL Mcafee Version:V1.1.11、V1.1.10 background: I want to implement the audit function of MySQL 8.0.26 community version through the Mcafee plug-in, but after executing the offset-extract.sh script and adding the obtained value to the my.cnf configuration file, the MySQL service reports an error and cannot be started normally. Steps:

  1. Download the Mcafee plugin and unzip it unzip audit-plugin-mysql-8.0-1.1.10-980-linux-x86_64.zip
  2. Copy the audit plugin to the plugin directory of the MySQL service cp libaudit_plugin.so /opt/mysql/base/8.0.26/lib/plugin/ chmod 755 libaudit_plugin.so
  3. Execute the offset-extract.sh script to obtain the corresponding value and add it to the my.cnf configuration file [root@localhost audit-plugin-mysql-8.0-1.1.11-985]# sh ./utils/offset-extract.sh /opt/mysql/base/8.0.26/bin/mysqld //offsets for: /opt/mysql/base/8.0.26/bin/mysqld (8.0.26) {"8.0.26","d396e817c431251e715fbbc54fd8cd05", 8504, 8544, 4048, 5520, 496, 0, 0, 32, 64, 160, 584, 8644, 5144, 4208, 4216, 4220, 6800, 1608, 32, 7760, 7800, 7784, 11528, 140, 664, 328},
  4. Add the following content to the configuration file plugin-load=AUDIT=libaudit_plugin.so audit_offsets= 8504, 8544, 4048, 5520, 496, 0, 0, 32, 64, 160, 584, 8644, 5144, 4208, 4216, 4220, 6800, 1608, 32, 7760, 7800, 7784, 11528, 140, 664, 328
  5. Restart the MySQL service and report an error: [root@localhost ~]# systemctl restart mysqld_3306 Job for mysqld_3306.service failed because the control process exited with error code. See "systemctl status mysqld_3306.service" and "journalctl -xe" for details. The error log is as follows: 2022-07-15T03:09:36.519685-00:00 0 [Note] [MY-010252] [Server] Server hostname (bind-address): '*'; port: 3306 2022-07-15T03:09:36.520089-00:00 0 [Note] [MY-010253] [Server] IPv6 is available. 2022-07-15T03:09:36.520421-00:00 0 [Note] [MY-010264] [Server] - '::' resolves to '::'; 2022-07-15T03:09:36.520764-00:00 0 [Note] [MY-010251] [Server] Server socket created on IP: '::'. 2022-07-15T03:09:36.532209-00:00 0 [ERROR] [MY-000067] [Server] unknown variable 'audit_offsets=8504, 8544, 4048, 5520, 496, 0, 0, 32, 64, 160, 584, 8644, 5144, 4208, 4216, 4220, 6800, 1608, 32, 7760, 7800, 7784, 11528, 140, 664, 328'. 2022-07-15T03:09:36.533817-00:00 0 [ERROR] [MY-010119] [Server] Aborting 2022-07-15T03:09:36.541307-00:00 0 [Note] [MY-012330] [InnoDB] FTS optimize thread exiting. 2022-07-15T03:09:37.273427-00:00 0 [Note] [MY-010120] [Server] Binlog end 2022-07-15T03:09:37.276284-00:00 0 [Note] [MY-010733] [Server] Shutting down plugin 'rpl_semi_sync_slave' 2022-07-15T03:09:37.276451-00:00 0 [Note] [MY-010733] [Server] Shutting down plugin 'rpl_semi_sync_master' 2022-07-15T03:09:37.277302-00:00 0 [Note] [MY-011168] [Repl] Stopping ack receiver thread. 2022-07-15T03:09:37.278006-00:00 0 [Note] [MY-011175] [Repl] unregister_replicator OK. Use the above steps to configure the MySQL8.0.25 community edition, and the audit plug-in can be installed normally, so it may be that the plug-in is not suitable for MySQL8.0.26 version, please help and support here, thank you very much!