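Deploying mysql-sniffer for Traffic-Based Auditing of a MySQL Database
阿新 • Published: 2019-05-24
Base environment: CentOS release 6.5 + 10.1.40-MariaDB MariaDB Server
After installation, it was tested from three angles (clients): the Navicat client tool, a Java web project, and the mysql client on the Linux operating system.
Test result: this project could only capture database operations issued from the command line.
1. Install mysql-sniffer: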
# yum install glib2-devel libpcap-devel libnet-devel
# cd /usr/local/src/
# git clone https://github.com/Qihoo360/mysql-sniffer   # this step is slow; be patient
# cd mysql-sniffer
# mkdir proj
# cd proj
# cmake ../
# make
# cd bin/
2. View the options
# ./mysql-sniffer -h
Usage ./bin/mysql-sniffer [-d] -i eth0 -p 3306,3307,3308 -l /var/log/mysql-sniffer/ -e stderr
         [-d] -i eth0 -r 3000-4000
         -d daemon mode.
         -s how often to split the log file(minute, eg. 1440). if less than 0, split log everyday
         -i interface. Default to eth0
         -p port, default to 3306. Multiple ports should be splited by ','. eg. 3306,3307
            this option has no effect when -f is set.
         -r port range, Don't use -r and -p at the same time
         -l query log DIRECTORY. Make sure that the directory is accessible. Default to stdout.
         -e error log FILENAME or 'stderr'. if set to /dev/null, runtime error will not be recorded
         -f filename. use pcap file instead capturing the network interface
         -w white list. dont capture the port. Multiple ports should be splited by ','.
         -t truncation length. truncate long query if it's longer than specified length. Less than 0 means no truncation
         -n keeping tcp stream count, if not set, default is 65536. if active tcp count is larger than the specified count, mysql-sniffer will remove the oldest one
3. Run the command to capture MySQL port 3306 traffic on a network interface (e.g. eth0)
View in real time:
# ./mysql-sniffer -i eth0 -p 3306
Write to a log file:
# ./mysql-sniffer -i eth0 -p 3306 -l /tmp/mysql-sniffer/
Check the network interface
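The logging command from step 3 with its inputs checked first, as an added example that is not from the original post or the mysql-sniffer project. It uses only flags from the usage text above; the function names, the /var/log/mysql-sniffer path and the -s/-t values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or the mysql-sniffer project.
# Uses only flags listed in the usage text: -d -i -p -r -l -e -s -t.

# valid_port N: decimal TCP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ports LIST: comma-separated ports as -p expects, e.g. 3306,3307.
valid_ports() (
    case $1 in ''|*[!0-9,]*|*,) exit 1 ;; esac
    IFS=,
    for p in $1; do valid_port "$p" || exit 1; done
)

# valid_range LO-HI: port range as -r expects, e.g. 3000-4000.
valid_range() {
    case $1 in *-*) ;; *) return 1 ;; esac
    valid_port "${1%%-*}" && valid_port "${1#*-}" && [ "${1%%-*}" -le "${1#*-}" ]
}

# prepare_log_dir DIR: owner-only directory for -l, because captured SQL can
# hold passwords and personal data that a shared /tmp path exposes to all users.
prepare_log_dir() {
    mkdir -p -- "$1" && chmod 700 -- "$1"
}

# build_sniffer_cmd IFACE PORTS RANGE LOGDIR: print a daemon-mode command line.
# Pass "" for whichever of PORTS/RANGE is unused; the usage text forbids both.
build_sniffer_cmd() {
    case $1 in ''|*[!A-Za-z0-9._:-]*) echo "bad interface" >&2; return 1 ;; esac
    case $4 in ''|[!/]*|*[[:space:]]*) echo "bad log directory" >&2; return 1 ;; esac
    if [ -n "$2" ] && [ -n "$3" ]; then
        echo "use -p or -r, not both" >&2; return 1
    elif [ -n "$2" ] && valid_ports "$2"; then
        sel="-p $2"
    elif [ -z "$2" ] && valid_range "$3"; then
        sel="-r $3"
    else
        echo "bad port list or range" >&2; return 1
    fi
    # Assumed values: -s 1440 splits the log daily, -t 2048 truncates long queries.
    echo "./mysql-sniffer -d -i $1 $sel -l $4/ -e $4/error.log -s 1440 -t 2048"
}

# Demo: print the command for one port on eth0 (nothing is executed).
build_sniffer_cmd eth0 3306 "" /var/log/mysql-sniffer
```

Call prepare_log_dir on the chosen directory before starting the printed command, so the query log is created in a directory only its owner can read.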
4. Check the result:
[Source code:]
https://github.com/Qihoo360/mysql-sniffer/blob/ma