MariaDB Audit Plugin - Installation
The server_audit plugin logs the server's activity. For each client session, it records who connected to the server (i.e., user name and host), what queries were executed, and which tables were accessed and server variables that were changed. This information is stored in a rotating log file or it may be sent to the local syslogd.
Contents
Locating the Plugin
The server_audit plugin's shared library is included in MariaDB packages as the server_audit.so or server_audit.dll shared library on systems where it can be built.
The plugin must be located in the plugin directory, the directory containing all plugin libraries for MariaDB. The path to this directory is configured by the plugin_dir system variable. To see the value of this variable and thereby determine the file path of the plugin library, execute the following SQL statement:
SHOW GLOBAL VARIABLES LIKE 'plugin_dir'; +---------------+--------------------------+ | Variable_name | Value | +---------------+--------------------------+ | plugin_dir | /usr/lib64/mysql/plugin/ | +---------------+--------------------------+
Check the directory returned at the filesystem level to make sure that you have a copy of the plugin library, server_audit.so or server_audit.dll, depending on your system. It's included in recent installations of MariaDB. If you do not have it, you should upgrade MariaDB.
Installing the Plugin
Although the plugin's shared library is distributed with MariaDB by default, the plugin is not actually installed by MariaDB by default. There are two methods that can be used to install the plugin with MariaDB.
The first method can be used to install the plugin without restarting the server. You can install the plugin dynamically by executing INSTALL SONAME or INSTALL PLUGIN. For example:
INSTALL SONAME 'server_audit';
The second method can be used to tell the server to load the plugin when it starts up. The plugin can be installed this way by providing the --plugin-load or the --plugin-load-add options. This can be specified as a command-line argument to mysqld or it can be specified in a relevant server option group in an option file. For example:
[mariadb] ... plugin_load_add = server_audit
Uninstalling the Plugin
You can uninstall the plugin dynamically by executing UNINSTALL SONAME or UNINSTALL PLUGIN. For example:
UNINSTALL SONAME 'server_audit';
If you installed the plugin by providing the --plugin-load or the --plugin-load-add options in a relevant server option group in an option file, then those options should be removed to prevent the plugin from being loaded the next time the server is restarted.
Prohibiting Uninstallation
The UNINSTALL SONAME or UNINSTALL PLUGIN statements may be used to uninstall plugins. For the server_audit plugin, you might want to disable this capability. To prevent the plugin from being uninstalled, you could set the the server_audit option to FORCE_PLUS_PERMANENT in a relevant server option group in an option file after the plugin is loaded once:
[mariadb] ... plugin_load_add = server_audit server_audit=FORCE_PLUS_PERMANENT
Once you've added the option to the server's option file and restarted the server, the plugin can't be uninstalled. If someone tries to uninstall the audit plugin, then an error message will be returned. Below is an example of the error message:
UNINSTALL PLUGIN server_audit; ERROR 1702 (HY000): Plugin 'server_audit' is force_plus_permanent and can not be unloaded
For more information on FORCE_PLUS_PERMANENT and other option values for the server_audit option, see Plugin Overview: Configuring Plugin Activation at Server Startup for more information.
