This section describes how to install MySQL Enterprise Audit, which is
implemented using the
audit_log plugin. For
general information about installing plugins, see
Section 5.5.1, “Installing and Uninstalling Plugins”.
If installed, the
audit_log plugin involves
some minimal overhead even when disabled. To avoid this
overhead, do not install MySQL Enterprise Audit unless you plan to use it.
To be usable by the server, the plugin library file must be
located in the MySQL plugin directory (the directory named by
variable). If necessary, set the value of
plugin_dir at server startup to
tell the server the plugin directory location.
The plugin library file base name is
audit_log. The file name suffix differs per
platform (for example,
.so for Unix and
.dll for Windows).
To load the plugin at server startup, use the
--plugin-load option to name the
library file that contains it. With this plugin-loading method,
the option must be given each time the server starts. For
example, put the following lines in your
my.cnf file (adjust the
.so suffix for your platform as necessary):
my.cnf, restart the server
to cause the new settings to take effect.
Alternatively, to register the plugin at runtime, use this statement (adjust the suffix as necessary):
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
INSTALL PLUGIN loads the plugin,
and also registers it in the
system table to cause the plugin to be loaded for each
subsequent normal server startup.
To verify plugin installation, examine the
INFORMATION_SCHEMA.PLUGINS table or
SHOW PLUGINS statement
(see Section 5.5.2, “Obtaining Server Plugin Information”). For
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'audit%'; +-------------+---------------+ | PLUGIN_NAME | PLUGIN_STATUS | +-------------+---------------+ | audit_log | ACTIVE | +-------------+---------------+
If the plugin fails to initialize, check the server error log for diagnostic messages.
If the plugin has been previously registered with
INSTALL PLUGIN or is loaded with
--plugin-load, you can use the
--audit-log option at server startup to control
plugin activation. For example, to load the plugin at startup
and prevent it from being removed at runtime, use these options:
[mysqld] plugin-load=audit_log.so audit-log=FORCE_PLUS_PERMANENT
If it is desired to prevent the server from running without the
audit plugin, use
with a value of
FORCE_PLUS_PERMANENT to force server startup
to fail if the plugin does not initialize successfully.
For additional information about the parameters used to
configure operation of the
see Section 126.96.36.199, “Audit Log Options and System Variables”.
Audit log file contents are not encrypted. See Section 188.8.131.52, “MySQL Enterprise Audit Security Considerations”.