查看方式
- 已知至少有两种方式可以实现
1.开启 general_log 就可以观察到
- 开启命令
mysql> set global general_log=ON;
- 执行一些操作
[root@mgr2 ~]# mysql -uGreatSQL -pGreatSQL -h192.168.6.217 -P3306
mysql> use test;
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| book |
| student |
| t1 |
+----------------+
3 rows in set (0.01 sec)
mysql> select * from t1;
+------+--------+
| id | name |
+------+--------+
| 1 | 哈哈 |
| 2 | 你好 |
| 3 | 呵呵 |
+------+--------+
5 rows in set (0.00 sec)
mysql> delete from test.t1 where id=4;
Query OK, 1 row affected (0.02 sec)
- 查看
general_log
日志信息,已经完整记录到了。
2022-01-20T21:46:17.073491-05:00 32 Connect GreatSQL@192.168.6.216 on using TCP/IP
2022-01-20T21:46:17.074048-05:00 32 Query select @@version_comment limit 1
2022-01-20T21:46:20.217080-05:00 32 Query SELECT DATABASE()
2022-01-20T21:46:20.217657-05:00 32 Init DB test
2022-01-20T21:46:20.218960-05:00 32 Query show databases
2022-01-20T21:46:20.220347-05:00 32 Query show tables
2022-01-20T21:46:20.222050-05:00 32 Field List book
2022-01-20T21:46:20.222644-05:00 32 Field List student
2022-01-20T21:46:20.223106-05:00 32 Field List t1
2022-01-20T21:46:22.856100-05:00 32 Query show tables
2022-01-20T21:46:31.156616-05:00 32 Query select * from t1
2022-01-20T21:46:43.136448-05:00 32 Query delete from test.t1 where id=4
2.抓包
- 这里采用 MySQL Sniffer 进行抓包。
1.MySQL Sniffer 介绍
- MySQL Sniffer 是一个基于 MySQL 协议的抓包工具,实时抓取 MySQL Server 端的请求,并格式化输出。
- 输出内容包访问括时间、访问用户、来源 IP、访问 Database、命令耗时、返回数据行数、执行语句等。有批量抓取多个端口,后台运行,日志分割等多种使用方式,操作便捷,输出友好。
- 开源出品方:奇虎360
- github 地址:https://github.com/Qihoo360/mysql-sniffer/blob/master/README_CN.md
2.安装依赖包
yum install gcc gcc-c++ cmake libpcap-devel glib2-devel libnet-devel -y
3.安装命令
git clone https://github.com/Qihoo360/mysql-sniffer.git
cd mysql-sniffer
mkdir proj
cd proj
cmake ../
make
编译过程中出现一些问题,参考 https://www.cnblogs.com/kerrycode/p/14948381.html 解决,感谢!
3.查看帮助
- 安装后工具在 bin 目录下。
[root@mgr3 bin]# ./mysql-sniffer -help
Usage ./mysql-sniffer [-d] -i eth0 -p 3306,3307,3308 -l /var/log/mysql-sniffer/ -e stderr
[-d] -i eth0 -r 3000-4000
-d daemon mode.
-s how often to split the log file(minute, eg. 1440). if less than 0, split log everyday
-i interface. Default to eth0
-p port, default to 3306. Multiple ports should be splited by ','. eg. 3306,3307
this option has no effect when -f is set.
-r port range, Don't use -r and -p at the same time
-l query log DIRECTORY. Make sure that the directory is accessible. Default to stdout.
-e error log FILENAME or 'stderr'. if set to /dev/null, runtime error will not be recorded
-f filename. use pcap file instead capturing the network interface
-w white list. dont capture the port. Multiple ports should be splited by ','.
-t truncation length. truncate long query if it's longer than specified length. Less than 0 means no truncation
-n keeping tcp stream count, if not set, default is 65536. if active tcp count is larger than the specified count, mysql-sniffer will remove the oldest one
4.测试
- 参考GITHUB进行测试
1.实时抓取某端口信息并打印到屏幕
输出格式为:时间,访问用户,来源 IP,访问 Database,命令耗时,返回数据行数,执行语句。
- 控制台监听
- 执行一些操作
mysql> use test;
Database changed
mysql> create table t1 (id int(11) not null auto_increment, name varchar(64), primary key(id));
Query OK, 0 rows affected (0.06 sec)
mysql> insert into t1 values (1,'小明'),(2,'小陈');
Query OK, 2 rows affected (0.00 sec)
Records: 2 Duplicates: 0 Warnings: 0
mysql> delete from t1 where id=1;
Query OK, 1 row affected (0.00 sec)
mysql> select * from t1;
+----+--------+
| id | name |
+----+--------+
| 2 | 小陈 |
+----+--------+
1 row in set (0.00 sec)
- 控制台输出
2022-01-21 14:37:09 GreatSQL 192.168.6.216 NULL 0ms 1 select @@version_comment limit 1
2022-01-21 14:37:31 GreatSQL 192.168.6.216 NULL 0ms 2 show databases
2022-01-21 14:37:37 GreatSQL 192.168.6.216 NULL 0ms 1 SELECT DATABASE()
2022-01-21 14:37:37 GreatSQL 192.168.6.216 test 0ms 0 use test
2022-01-21 14:37:37 GreatSQL 192.168.6.216 test 0ms 2 show databases
2022-01-21 14:37:37 GreatSQL 192.168.6.216 test 11ms 0 show tables
2022-01-21 14:41:58 GreatSQL 192.168.6.216 test 60ms 0 create table t1 (id int(11) not null auto_increment, name varchar(64), primary key(id))
2022-01-21 14:42:40 GreatSQL 192.168.6.216 test 0ms 2 insert into t1 values (1,'小明'),(2,'小陈')
2022-01-21 14:42:54 GreatSQL 192.168.6.216 test 0ms 1 delete from t1 where id=1
2022-01-21 14:43:04 GreatSQL 192.168.6.216 test 0ms 1 select * from t1
- 目前看有正常抓取到信息
2、可以把抓包的数据存储到文件
- 文件名称就是端口名称,如果文件没内容,可以改成MySQL用户权限组试一下
./mysql-sniffer -i eth1 -p 33061 -l ./
[root@mgr3 bin]# more 33061.log
2022-01-21 15:00:11 NULL 192.168.6.216 test 0ms 0 use test
2022-01-21 15:00:11 NULL 192.168.6.216 test 0ms 1 SELECT DATABASE()
- 其他功能就不一一测试了
- 特别注意,以上是在 MySQL5.6 版本测试获取的,在 8.0 版本中可能由于MySQL协议变更导致抓不到数据包,同时该工具存在一定的丢包情况。