I have good news and bad news on this one.
GOOD NEWS
You could use the general log as a table you can query
Step 01) Add this to /etc/my.cnf
[mysqld]
log
log-output=TABLE
Step 02) service mysql restart
OK mysqld is not recording every query in the table mysql.general_log
. Problem: look at the initial layout of mysql.general_log
:
mysql> show create table mysql.general_log\G
*************************** 1. row ***************************
Table: general_log
Create Table: CREATE TABLE `general_log` (
`event_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`user_host` mediumtext NOT NULL,
`thread_id` int(11) NOT NULL,
`server_id` int(10) unsigned NOT NULL,
`command_type` varchar(64) NOT NULL,
`argument` mediumtext NOT NULL
) ENGINE=CSV DEFAULT CHARSET=utf8 COMMENT='General log'
1 row in set (0.09 sec)
What good is a the general log as a CSV table
Step 03) Make mysql.general_log
a MyISAM table and index it
SET @old_log_state = @@global.general_log;
SET GLOBAL general_log = 'OFF';
ALTER TABLE mysql.general_log ENGINE = MyISAM;
ALTER TABLE mysql.general_log ADD INDEX (event_time);
SET GLOBAL general_log = @old_log_state;
Now it looks like this:
mysql> show create table general_log\G
*************************** 1. row ***************************
Table: general_log
Create Table: CREATE TABLE `general_log` (
`event_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`user_host` mediumtext NOT NULL,
`thread_id` int(11) NOT NULL,
`server_id` int(10) unsigned NOT NULL,
`command_type` varchar(64) NOT NULL,
`argument` mediumtext NOT NULL,
KEY `event_time` (`event_time`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='General log'
1 row in set (0.00 sec)
mysql>
THe user and host values are appended together in the user_host fields.
How do you rotate out the general log?
Here is an example of how to blank out mysql.general_log
:
SET @old_log_state = @@global.general_log;
SET GLOBAL general_log = 'OFF';
CREATE TABLE mysql.general_log_new LIKE mysql.general_log;
DROP TABLE mysql.general_log;
ALTER TABLE mysql.general_log_new RENAME mysql.general_log;
SET GLOBAL general_log = @old_log_state;
Here is an example of how to keep the last 3 days of entries:
SET @old_log_state = @@global.general_log;
SET GLOBAL general_log = 'OFF';
CREATE TABLE mysql.general_log_new LIKE mysql.general_log;
INSERT INTO mysql.general_log_new
SELECT * FROM mysql.general_log WHERE event_time > NOW() - INTERVAL 3 DAY;
DROP TABLE mysql.general_log;
ALTER TABLE mysql.general_log_new RENAME mysql.general_log;
SET GLOBAL general_log = @old_log_state;
BAD NEWS
Anything you have collected in the text file version of the general log will not come for the ride. You can collect new entries going forward.
I normally do not endorse any one specific product, but in this case I will make an exception.
I have personally evaluated a product called Gazzang. It can encrypt data in such a way that when transported to another server, the data is unreadable unless the encryption key is copied and verified on that external server. I have tried this and copied /var/lib/mysql on another server that did not have the encryption key. The only SQL command that worked with the database encrypted is SHOW DATABASES;
. Nothing else worked.
There are some hoops to jump through to get an entire /var/lib/mysql
folder encrypted. Once done, you never have to worry about data encryption. Perhaps you could start like this:
- Installation MySQL on a DB Server
- Apply Gazzang's ezncrypt program against the empty
/var/lib/mysql
- Load a mysqldump into it
The beautiful part of my evaluation was that the MySQL data was fully accessible by standard DB Connections. Gazzang does not shield normal access protocols. You must take up responsibility for securing passwords:
EPILOGUE
As for the physical data itself, this worked during the 30-day evaluation. Please evaluate it for yourself. I will leave it to you to investigate production case studies on Gazzang.
UPDATE 2015-09-29 12:26 EDT
Cloudera purchased and deprecated Gazzang.
Cloudera Data Encryption is still available.
Best Answer
You may use the mcaffee audit plugin https://github.com/mcafee/mysql-audit/wiki/Installation there you can filter hosts in logging.
You could also refuse all hosts specifying a mysql User with an appropriate Host. ('user'@'allowedHostIpRange').