#!/bin/perl
use Getopt::Long;
#function
sub check_options{
Getopt::Long::Configure ("bundling");
GetOptions (
'h'=>\$o_help,
'u:s'=>\$o_user,
'l'=>\$o_login,
'o'=>\$o_operation,
'f:s'=>\$o_file,
'd'=>\$o_denied
);
if(defined $o_help){help();exit};
if(!defined $o_file){help();exit};
if(defined $o_operation && !defined $o_user){help();exit};
if($o_login+$o_operation+$o_denied>1){help();exit};
}
sub help{
print "++++++++++++++++++++++++++++++++\n";
print " Mysql audit tool\n";
print "option:-l show login messege\n";
print "option:-o show user operation\n";
print "option:-d show deniey messege\n";
print "option:-u specify user \n";
print "option:-f specify mysql log file\n";
print "Example1: perl mysql_audit.pl -l -u 'root@localhost' -f /home/mysql/log/hostname.log\n";
print "Example2: perl mysql_audit.pl -o -u 'root@localhost' -f /home/mysql/log/hostname.log\n";
print "Example3: perl mysql_audit.pl -d -u 'root@localhost' -f /home/mysql/log/hostname.log\n";
print "If not specify the -u option it will show all user messege\n";
print "++++++++++++++++++++++++++++++++\n";
}
sub get_operation{
my @data=@_;
$pid{$data[-4]}=1 if($data[-3] eq "Connect" && $data[-2] eq $o_user);
delete $pid{$data[-4]} if ($data[-3] eq "Connect" && $data[-2] ne $o_user); #delete if pid is other user
delete $pid{$data[-10]} if ($data[-9]) eq "Connect" && $data[-7] eq "denied"; #delete if denied pid
if(( $pid{$data[0]}==1 || $pid{$data[2]}==1 ) || ($data[0]==0 && $flag==1)){
print "@data\n";$flag=1;
}
else{
$flag=0;
}
}
sub get_login{
my @data=@_;
print if($data[-3] eq "Connect" && $data[-2] eq "$o_user");
print if($data[-3] eq "Connect" && !defined $o_user);
}
sub get_denied{
my @data=@_;
$data[-4]=~s/'//g if($data[-7] eq "denied");
print if($data[-7] eq "denied" && $o_user eq $data[-4]);
print if($data[-7] eq "denied" && !defined $o_user);
}
check_options();
open(DATA,"$o_file") or die "Can't open file $o_file";
while(
)
{
my @data=split;
get_operation(@data) if(defined $o_operation);
get_login(@data) if(defined $o_login);
get_denied(@data) if(defined $o_denied);
}
阅读(923) | 评论(0) | 转发(0) |