4

MySQL Shell 101 - System Log - Percona Database Performance Blog

 2 years ago
source link: https://www.percona.com/blog/mysql-shell-101-system-log/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

MySQL Shell 101 - System LogOne of the new features introduced in MySQL 8.0.24 was the ability to log all SQL statements that are issued in the MySQL Shell to the system log. This is a useful feature that can greatly assist in tracking who did what on the system.

Usage

The simplest way to utilize the new Shell logging feature is to simply start the MySQL Shell with the syslog option enabled like so:

Shell
$> mysqlsh --syslog --sql root@localhost

From this point forward all SQL entered in the MySQL Shell will be logged to the system log. For example, the following SQL is entered into the Shell:

Shell
MySQL  localhost:33060+ ssl  SQL > show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+

We can now check the system log and verify that the statement above was indeed logged as expected, along with the system user and MySQL user that was used:

Shell
$> journalctl $(which mysqlsh)
Jun 28 10:01:11 localhost mysqlsh[9558]: SYSTEM_USER=brian MYSQL_USER=root CONNECTION_ID=16 DB_SERVER=localhost DB='--' QUERY='show databases;'

Exclusions

As per the MySQL user manual, not all statements will be logged to the system log. Basically, any statements that would normally be excluded from the MySQL Shell code history for security reasons will also be excluded from the system log. We can verify what will be excluded by checking the MySQL Shell options in JS mode:

Shell
MySQL  localhost:33060+ ssl  JS > shell.options

This will list all current options for the shell, and the key one here is the history.sql.ignorePattern option. In our case, it is set as follows:

Shell
"history.sql.ignorePattern": "*IDENTIFIED*:*PASSWORD*"

So any SQL statement containing the words IDENTIFIED or PASSWORD will be ignored, and will not be logged into the MySQL Shell history, nor the system log even with logging enabled. This alleviates any security concerns about passwords being set in plain text in the system log.

Logging By Default

To automatically enable system logging from the MySQL Shell without having to specify it at each runtime, it is possible to set the option to persist. From the MySQL Shell, enter JS mode and set the following option:

Shell
MySQL  localhost:33060+ ssl  JS > shell.options.setPersist("history.sql.syslog",1)

From this point forward all SQL that is entered in the MySQL shell will be logged to the system log by default.

Wrapping Up

Knowing who executed what in the MySQL Shell is a very useful administrative tool, and can help when tracking down issues or finding out who issued a particular statement at a given time. While not an entirely foolproof method of auditing (logging can still be disabled on a per-session basis), it is just another item for the DBA toolbox that can ease the administrative burden of today’s large database installations.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK