
分类: LINUX

2009-06-23 15:27:10


#!/bin/bash


#parameters


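# Print the usage banner and terminate the script.
# Outputs: usage text on stdout.
# Returns: never returns; always exits with status 1.
print_help(){
    echo "++++++++++++++++++++++++++++++++"
    echo "mysql audit tool"
    echo "-l login"
    echo "-u user "
    echo "-d denied connections"
    echo "-f mysql log file"
    echo "sh mysql_audit.sh -l -u root@localhost -f /home/mysql/log/hostname.log"
    echo "sh mysql_audit.sh -u root@localhost -f /home/mysql/log/hostname.log"
    echo "sh mysql_audit.sh -d -f /home/mysql/log/hostname.log"
    # The closing banner has to be written before exit; placed after it,
    # the line was unreachable and the banner was never closed.
    echo "++++++++++++++++++++++++++++++++"
    exit 1
}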

# getopt

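# Start from a known state: without this, a variable of the same name
# inherited from the caller's environment (for example an exported
# login=True) would select a report mode that was never requested.
login=
denied=
user=
file=

# The leading ':' in the optstring selects silent error reporting: a missing
# option argument is delivered as ':' and an unknown option as '?', which
# falls through to the catch-all arm.
while getopts :ldu:f: myarg
do
    case "$myarg" in
    :) echo "You should specify the argument value"
       print_help;;
    l) login=True;;
    u) user=$OPTARG;;
    f) file=$OPTARG;;
    d) denied=True;;
    *) echo "Unknown argument"
       print_help;;
    esac
done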


#function


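# Print the Connect and Quit records of every session opened by $user.
# Globals: user (read) - account compared with field 5 of Connect records.
# Inputs:  /tmp/mysql_audit.log, the normalised log written by the
#          top-level grep | awk pipeline of this script.
# Outputs: matching records on stdout, each field followed by one space.
# Returns: never returns; removes the work file and exits 0.
# NOTE(review): the work file has a fixed, predictable name in /tmp and holds
# audit data; a private directory from mktemp -d would be safer, but the path
# is shared with the rest of the script and has to change everywhere at once.
get_login(){
    # Field values are passed to printf as data ("%s "), never as the format
    # string: logged statements routinely contain '%' (LIKE patterns), which
    # would otherwise be interpreted as conversions and corrupt or abort the
    # report. The Connect match is anchored like the other report functions
    # so a continuation line that merely contains "Connect" is not treated as
    # a login record.
    # NOTE(review): awk expands backslash escapes in -v values; an account
    # name containing a backslash would not compare as typed.
    awk -v temp="$user" '
        $4 ~ /^Connect$/ { a[$3] = ($5 == temp) ? 1 : 0 }
        ($4 ~ /^Connect$/ || $4 ~ /^Quit$/) && a[$3] {
            for (i = 1; i <= NF; i++) printf "%s ", $i
            printf "\n"
        }
    ' /tmp/mysql_audit.log
    rm -f -- /tmp/mysql_audit.log
    exit 0
}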

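# Print every record belonging to a session that $user opened.
# Globals: user (read) - account compared with field 5 of Connect records.
# Inputs:  /tmp/mysql_audit.log, the normalised log written by the
#          top-level grep | awk pipeline of this script.
# Outputs: matching records on stdout, each field followed by one space.
# Returns: never returns; removes the work file and exits 0.
get_operation(){
    # Read the same work file that is removed below. The previous input,
    # /tmp/tlog, is not produced anywhere in this script, so the report was
    # empty (or came from an unrelated file another user could have planted).
    # Field values go through "%s" so that '%' inside logged statements is
    # printed literally instead of being parsed as a printf conversion.
    awk -v temp="$user" '
        $4 ~ /^Connect$/ { a[$3] = ($5 == temp) ? 1 : 0 }
        (a[$3] == 1) {
            for (i = 1; i <= NF; i++) printf "%s ", $i
            printf "\n"
        }
    ' /tmp/mysql_audit.log
    rm -f -- /tmp/mysql_audit.log
    exit 0
}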

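# Print the Connect records whose sixth field is "denied" (rejected logins).
# Inputs:  /tmp/mysql_audit.log, the normalised log written by the
#          top-level grep | awk pipeline of this script.
# Outputs: matching records on stdout, unchanged.
# Returns: never returns; removes the work file and exits 0.
get_denied(){
    awk '$4~/^Connect$/&& $6~/^denied$/' /tmp/mysql_audit.log
    # Remove the work file as the other report functions do; otherwise a
    # copy of the server log, including the logged statements, stays behind
    # in /tmp after the report has been printed.
    rm -f -- /tmp/mysql_audit.log
    exit 0
}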

# Choose the report to run from the parsed options.
# Globals: login, user, denied (read) - set by the option parser.
# Outputs: a column header on stdout, then whatever the selected report prints.
# Selection:
#   user given, login=True   -> login/logout report
#   user given, login empty  -> per-session operation report
#   no user, denied=True and login empty -> denied-connection report
#   anything else            -> usage text
check_option(){
    if [ -n "$user" ]; then
        case "$login" in
        True)
            echo "Date Time User"
            get_login
            ;;
        "")
            echo "Date Time ID Command"
            get_operation
            ;;
        *)
            print_help
            ;;
        esac
    elif [ "$denied" = "True" ] && [ -z "$login" ]; then
        echo "Denied"
        get_denied
    else
        print_help
    fi
}

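# Normalise the log named by -f into the work file /tmp/mysql_audit.log.
# grep drops the server start-up header lines; awk then rewrites each record
# so it starts with the date and time taken from the most recent line whose
# first field is six digits: a line starting with a 1-3 digit id gets
# "date time" prepended, any other non-numeric line gets "date time id ".

# Without a readable -f argument grep would fall back to reading stdin and
# the script would appear to hang, so stop with the usage text instead.
if [ -z "$file" ] || [ ! -r "$file" ]; then
    echo "Log file missing or unreadable: specify it with -f" >&2
    print_help
fi

# The work file has a fixed name in a world-writable directory. Drop any
# leftover entry first, then create it with noclobber (set -C) and a
# restrictive umask, so the redirection fails instead of writing through a
# pre-existing file or symlink, and the audit data is readable only by the
# invoking user. The subshell keeps umask and noclobber local to this step.
# NOTE(review): a private directory from mktemp -d would be the cleaner fix,
# but this path is hard-coded in the report functions as well.
rm -f -- /tmp/mysql_audit.log
(
    umask 077
    set -C
    grep -Ev -e '(^Tcp.*Unix|^Time.*Argument$|.*started with:$)' -- "$file" \
        | awk --posix '$1~/^[0-9]{6}$/{a=$1" "$2;b=$1" "$2" "$3" "}$1~/^[0-9]{1,3}$/{$0=a$0}$1!~/^[0-9]+$/{$0=b$0}1' >/tmp/mysql_audit.log
) || {
    echo "Cannot create /tmp/mysql_audit.log" >&2
    exit 1
}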

#main

check_option

