MySQL 5.6 Reference Manual Including MySQL NDB Cluster 7.3-7.4 Reference Guide
This section describes how to install MySQL Enterprise Audit, which is
implemented using the audit_log
plugin. For
general information about installing plugins, see
Section 5.5.1, “Installing and Uninstalling Plugins”.
If installed, the audit_log
plugin involves
some minimal overhead even when disabled. To avoid this
overhead, do not install MySQL Enterprise Audit unless you plan to use it.
To be usable by the server, the plugin library file must be
located in the MySQL plugin directory (the directory named by
the plugin_dir
system
variable). If necessary, configure the plugin directory location
by setting the value of
plugin_dir
at server startup.
The plugin library file base name is
audit_log
. The file name suffix differs per
platform (for example, .so
for Unix and
Unix-like systems, .dll
for Windows).
To load the plugin at server startup, use the
--plugin-load-add
option to name
the library file that contains it. With this plugin-loading
method, the option must be given each time the server starts.
For example, put the following lines in the server
my.cnf
file, adjusting the
.so
suffix for your platform as necessary:
[mysqld] plugin-load-add=audit_log.so
After modifying my.cnf
, restart the server
to cause the new settings to take effect.
Alternatively, to load the plugin at runtime, use this
statement, adjusting the .so
suffix for
your platform as necessary:
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
INSTALL PLUGIN
loads the plugin,
and also registers it in the mysql.plugins
system table to cause the plugin to be loaded for each
subsequent normal server startup without the need for
--plugin-load-add
.
To verify plugin installation, examine the
INFORMATION_SCHEMA.PLUGINS
table or
use the SHOW PLUGINS
statement
(see Section 5.5.2, “Obtaining Server Plugin Information”). For
example:
mysql>SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'audit%';
+-------------+---------------+ | PLUGIN_NAME | PLUGIN_STATUS | +-------------+---------------+ | audit_log | ACTIVE | +-------------+---------------+
If the plugin failed to initialize, check the server error log for diagnostic messages.
If the plugin has been previously registered with
INSTALL PLUGIN
or is loaded with
--plugin-load-add
, you can use
the --audit-log
option at server
startup to control plugin activation. For example, to load the
plugin at startup and prevent it from being removed at runtime,
use these options:
[mysqld] plugin-load-add=audit_log.so audit-log=FORCE_PLUS_PERMANENT
If it is desired to prevent the server from running without the
audit plugin, use --audit-log
with a value of FORCE
or
FORCE_PLUS_PERMANENT
to force server startup
to fail if the plugin does not initialize successfully.
For additional information about the parameters used to
configure operation of the audit_log
plugin,
see Audit Log Options and System Variables.
Audit log file contents are not encrypted. See Section 6.4.4.2, “MySQL Enterprise Audit Security Considerations”.