Jul
13
2017
--

BloomAPI locks down $2.4M to fix medical record releases

 Seattle-based BloomAPI is announcing a $2.4 million seed round this morning for its solution to the broken medical records release process. It’s no secret that the entire U.S. healthcare system is held back by antiquated technology — but unlike many competitors, BloomAPI offers a solution that works with, and not against, the old-school technologies. Read More

Apr
06
2017
--

Twitter unveils a new API platform, roadmap and vision for its developer community

 Twitter historically has had a rocky relationship with its developer community. It once encouraged third-party apps, then later restricting them; hosting developer conferences, then killing them; debuting a suite of developer tools, then selling them; and despite issuing a mea culpa, the company failed to regain the trust of many. Read More

Mar
25
2017
--

Matroid can watch videos and detect anything within them

 If a picture is worth a thousand words, a video is worth that times the frame rate. Matroid, a computer vision startup launching out of stealth today, enables anyone to take advantage of the information inherently embedded in video. You can build your own detector within the company’s intuitive, non-technical, web platform to detect people and most other objects. Reza Zadeh, founder… Read More

Nov
29
2016
--

Synq launches a video API so you don’t have to build video delivery from scratch

synq_logo_office Say you’re an app developer and you need to give your app users a way of uploading, storing and playing back video. Instead of having to build your own video content management system or licensing one of the existing ones, Synq offers developers a third option. The company is launching its “cloud video API for Developers,” service today, aiming to be a full video… Read More

Aug
25
2015
--

Slack Leans On Companies Like Box And Nuzzel To Use “Add To Slack” Buttons For Contextual Integration

Screen Shot 2015-08-25 at 9.24.52 AM Slack’s true power is being a platform. A platform that other tools can plug into and play nice with. The company says there are 80+ of these types of integrations and thousands of developers hacking away at adding more. Right now, you have to rely on you or someone on your team finding the integrations that you want on the integrations page and then adding it to your instance of Slack.… Read More

Mar
05
2015
--

Dropbox Brings Groups Functionality To Its Business Product

dropbox-screen After a multi-month preview, Dropbox today announced that it is generally releasing its groups feature to business customers, along with an API that will allow IT departments to integrate the capability into their normal organizational flow. Groups allows companies that use Dropbox to segment their employee base to quickly assign access to various files and folders. Dropbox, a company that… Read More

May
23
2013
--

Experiences with the McAfee MySQL Audit Plugin

I recently had to do some customer work involving the McAfee MySQL Audit Plugin and would like to share my experience in this post.

Auditing user activity in MySQL  has traditionally been challenging. Most data can be obtained from the slow or general log, but this involves a lot of data you don’t need too, and isn’t flexible at all. The specific problem of logging failed connection attempts has been discussed on a previous post in our blog.

Starting with 5.1, the new plugin API gives us more flexibility by allowing users to extend the server’s functionality with their own code, and this is what the McAffee plugin does.

Installation and configuration are straightforward following the available instructions. The only extra step I had to take was to extract the offsets for the Percona Server version I was using for the test (5.5.28-29.1). This is needed as the plugin needs the offset to some MySQL data structures that, the plugin authors say, aren’t exposed by a consistent API. If you also need to do this, the details are clearly explained here.

The plugin writes its output in json format, and supports writing it directly to a file, or to a unix socket, which means you can write a script to listen on this socket and process the audit records as you wish.

Performance-wise, I did basic tests on the VM I was working in and didn’t get significant differences between either output option, or between using the plugin or enabling the general log. Bear in mind these were basic tests (just a few mysqlslap runs with increasing levels of concurrency), but initially, I would think the advantage of the plugin is its flexibility, and not its performance, which seems to be on par with having the general log enabled.

The flexibility comes from the three variables that can be set to control what is logged by the plugin:
– audit_record_cmds : This is the list of commands you want written to the log (all the lists in these variables are comma separated). As pointed here, anything that would generate a write to the general log will be sent to the plugin, and you can control if it gets written on not with this list. I tested this with “connect,Quit” to log successful and failed connections. Yes, it had to be a capital Q in Quit for that to work, and no, my code-fu was not enough to understand why that is the case. Maybe someone more knowledgeable in MySQL internals can enlighten me here.
– audit_record_objs : List of database objects (tables, according to the docs) for which you want events written to the log.
– audit_whitelist_users : This one is undocumented on the wiki at the time of writing, and is a list of users for which you do not want events written to the log.

Just for reference, these are the lines I had to add to my config file for the plugin to work (plus one commented line for switching between file and socket for output):


plugin-load=AUDIT=libaudit_plugin.so
audit_offsets=6464, 6512, 4072, 4512, 104, 2584
audit_json_file=1
audit_json_socket_name=/tmp/audit.sock
#audit_json_socket=1
audit_json_log_file=/var/lib/mysql/audit.log
audit_record_cmds=connect,Quit

Notice the audit_offsets that I mentioned had to be extracted due to this Percona Server version not being included in the binary.

And here’s a few sample output lines generated by the plugin with this configuration:

{"msg-type":"activity","date":"1369155747373","thread-id":"6439","query-id":"0","user":"debian-sys-maint","priv_user":"debian-sys-maint","host":"localhost","cmd":"Connect","query":"Connect"}
{"msg-type":"activity","date":"1369155747373","thread-id":"6439","query-id":"219309","user":"debian-sys-maint","priv_user":"debian-sys-maint","host":"localhost","cmd":"Quit","query":"Quit"}
{"msg-type":"activity","date":"1369155747383","thread-id":"6440","query-id":"0","user":"debian-sys-maint","priv_user":"debian-sys-maint","host":"localhost","cmd":"Connect","query":"Connect"}

In conclusion, the plugin API seems to be opening new possibilities of extending MySQL’s behavior in a way that, once set up, is transparent to users, and the McAfee MySQL Audit Plugin is only one of example of what can be achieved with it. It is a very good one for me, since I think proper audit trail support has been an important missing feature on the server, which has made using MySQL in PCI or SOX compliant environments, to name just two, artificially complicated, as one had to rely on too much info (general log) or external help (snort or similar IDS).

The post Experiences with the McAfee MySQL Audit Plugin appeared first on MySQL Performance Blog.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com