上篇加了bash_history的监控,这篇说mysql_history的监控。不像bash4,mysql自始至终没有提供过syslog的代码,只能自己通过守护进程去实时获取~/.mysql_history的记录了。一个小脚本如下: ```perl#!/usr/bin/perl -w use POE qw(Wheel::FollowTail); use Log::Syslog::Fast qw(:all);
defined(my $pid = fork) or die “Cant fork:$!”;
unless($pid){
}else{
exit 0;
}
POE::Session->create( inline_states => { start => sub { $[HEAP]{tailor} = POE::Wheel::FollowTail->new( Filename => “/root/.mysql_history”, InputEvent => “got_log_line”, ResetEvent => “got_log_rollover”, ); }, got_log_line => sub { #通过Data::Dumper看到实际是$[10],不过在POE::Session里定义了sub ARG0 () { 10 };这样写起来简单了 to_rsyslog($[ARG0]); }, got_log_rollover => sub { to_rsyslog(‘roll’); }, } );
POE::Kernel->run(); exit;
sub to_rsyslog { $message = join’ ‘,@_; #rsyslog开的是UDP的514端口;而LOG_LOCAL0和LOG_INFO都是syslog定义的,乱写的话会自动归入kernel | alert my $logger = Log::Syslog::Fast->new(LOG_UDP, “10.0.0.123”, 514, LOG_LOCAL0, LOG_INFO, “mysql_231”, “mysql_monitor”); $logger->send($message ,time); };```
当然,mysql的history其实不止一个位置,需要判断~
