|
#1/bin/bash
#parameters
print_help(){
echo "++++++++++++++++++++++++++++++++"
echo "mysql audit tool"
echo "-l login"
echo "-u user "
echo "-f mysql log file"
echo "sh mysql_audit.sh -l -u root@localhost -f /home/mysql/log/hostname.log"
echo "sh mysql_audit.sh -u root@localhost -f /home/mysql/log/hostname.log"
echo "sh mysql_audit.sh -d -f /home/mysql/log/hostname.log"
exit 1
echo "++++++++++++++++++++++++++++++++"
}
# getopt
while getopts :ldu:f: myarg
do
case $myarg in
:) echo "You should specify the argument value"
print_help;;
l) login=True;;
u) user=$OPTARG;;
f) file=$OPTARG;;
d) denied=True;;
*) echo "Unkown argument"
print_help;;
esac
done
#function
get_login(){
awk -v temp=$user '$4~/Connect/{a[$3]=($5==temp)?1:0;if(a[$3]){for(i=1;i<=NF;i++){printf $i" "}printf "\n"}} $4~/^Quit$/{if(a[$3]){for(i=1;i<=NF;i++){printf $i" "}printf "\n"}}' /tmp/mysql_audit.log
rm -rf /tmp/mysql_audit.log
exit 0
}
get_operation(){
awk -v temp=$user '$4~/^Connect$/{a[$3]=($5==temp)?1:0}(a[$3]==1){for(i=1;i<=NF;i++){printf $i" "}printf "\n"}' /tmp/tlog
rm -rf /tmp/mysql_audit.log
exit 0
}
get_denied(){
awk '$4~/^Connect$/&& $6~/^denied$/' /tmp/mysql_audit.log
exit 0
}
check_option(){
if [ "$login" = "True" -a -n "$user" ];then
echo "Date Time User"
get_login
elif [ -z "$login" -a -n "$user" ];then
echo "Date Time ID Command"
get_operation
elif [ "$denied" = "True" -a -z "$login" ];then
echo "Denied"
get_denied
else
print_help
fi
}
grep -Ev '(^Tcp.*Unix|^Time.*Argument$|.*started with:$)' $file |awk --posix '$1~/^[0-9]{6}$/{a=$1" "$2;b=$1" "$2" "$3" "}$1~/^[0-9]{1,3}$/{$0=a$0}$1!~/^[0-9]+$/{$0=b$0}1' >/tmp/mysql_audit.log
#main
check_option
|
