• MySQL二进制日志分析


     MySQL二进制日志的主要作用有三个:数据恢复、主从服务器日志复制即同步、审计判断是否有对数据库进行注入的攻击。二进制日志文件无法直接打开,需要工具进行分析。

    1、首先,启动二进制日志。参数是 log_bin,动态参数,所以需要在配置文件中设置如下。也可以直接”log_bin=“参数后面设置文件路径。查看路径的参数为datadir。

    [root@localhost mysql]# cat /etc/my.cnf
    # Remove leading # to turn on a very important data integrity option: logging

    # changes to the binary log between backups.
    log_bin

    ...

    mysql> show variables like 'datadir';
    +---------------+-----------------+
    | Variable_name | Value |
    +---------------+-----------------+
    | datadir | /var/lib/mysql/ |
    +---------------+-----------------+
    1 row in set (0.00 sec)

    mysql>

    2、二进制日志文件列表如下,

    [root@localhost mysql]# ll

    -rw-rw---- 1 mysql mysql 215978 2月 28 15:30 localhost-bin.000001
    -rw-rw---- 1 mysql mysql 120 2月 28 15:30 localhost-bin.000002

    -rw-rw---- 1 mysql mysql 115 3月 2 13:33 localhost-bin.index

    3、二进制日志的分析工具必须通过MySQL 自带的mysqlbinlog 工具。

    例1、从最新的日志文件000002的开始看,这里没有任何的记录,只是记录了文件头信息。
    [root@localhost mysql]# mysqlbinlog --start-position=0 localhost-bin.000002
    Warning: option 'start-position': unsigned value 0 adjusted to 4
    /*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
    /*!40019 SET @@session.max_insert_delayed_threads=0*/;
    /*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/;
    DELIMITER /*!*/;
    # at 4
    #200228 15:30:30 server id 1 end_log_pos 120 CRC32 0xda43dea1 Start: binlog v 4, server v 5.6.27-log created 200228 15:30:30 at startup
    # Warning: this binlog is either in use or was not closed properly.
    ROLLBACK/*!*/;
    BINLOG '
    lsFYXg8BAAAAdAAAAHgAAAABAAQANS42LjI3LWxvZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAACWwVheEzgNAAgAEgAEBAQEEgAAXAAEGggAAAAICAgCAAAACgoKGRkAAaHe
    Q9o=
    '/*!*/;
    DELIMITER ;
    # End of log file
    ROLLBACK /* added by mysqlbinlog */;
    /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
    /*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=0*/;
    [root@localhost mysql]#

    例2、最新的日志文件000002的Position 为120,而该文件长度刚刚120Bytes。
    [root@localhost mysql]# mysql -uroot -p
    ...
    mysql> show master status;
    +----------------------+----------+--------------+------------------+-------------------+
    | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
    +----------------------+----------+--------------+------------------+-------------------+
    | localhost-bin.000002 | 120 | | | |
    +----------------------+----------+--------------+------------------+-------------------+
    1 row in set (0.01 sec)

    mysql>
    ...

     例3、历史日志文件000001的Position 为215486开始 的信息如下。

    [root@localhost mysql]# mysqlbinlog --start-position=215486 localhost-bin.000001
    /*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
    /*!40019 SET @@session.max_insert_delayed_threads=0*/;
    ...
    # at 215486
    #200228 15:21:48 server id 1 end_log_pos 215585 CRC32 0x20df1851 Query thread_id=1 exec_time=0 error_code=0
    SET TIMESTAMP=1582874508/*!*/;
    SET @@session.pseudo_thread_id=1/*!*/;
    SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=0, @@session.unique_checks=1, @@session.autocommit=1/*!*/;
    SET @@session.sql_mode=1075838976/*!*/;
    SET @@session.auto_increment_increment=1, @@session.auto_increment_offset=1/*!*/;
    /*!C latin1 *//*!*/;
    SET @@session.character_set_client=8,@@session.collation_connection=8,@@session.collation_server=33/*!*/;
    SET @@session.lc_time_names=0/*!*/;
    SET @@session.collation_database=DEFAULT/*!*/;
    BEGIN
    /*!*/;
    # at 215585
    ...
    # at 215955
    #200228 15:30:27 server id 1 end_log_pos 215978 CRC32 0x8374e4e4 Stop
    DELIMITER ;
    # End of log file
    ROLLBACK /* added by mysqlbinlog */;
    /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
    /*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=0*/;
    [root@localhost mysql]#

    例4、将上述历史日志文件000001的Position +1变成215487开始得到的信息如下。
    [root@localhost mysql]# mysqlbinlog --start-position=215487 localhost-bin.000001
    /*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
    /*!40019 SET @@session.max_insert_delayed_threads=0*/;
    ...
    ERROR: Error in Log_event::read_log_event(): 'read error', data_len: 553648128, event_type: 1
    ERROR: Could not read entry at offset 215487: Error in log format or read error.
    DELIMITER ;
    # End of log file
    ROLLBACK /* added by mysqlbinlog */;
    /*!50003 SET COMPLETION_TYPE=@OLD_COMPLETION_TYPE*/;
    /*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=0*/;
    [root@localhost mysql]#

    这里看到错误提示,因为215487不是一条记录的起始位置,所以start-position表示的是一条记录的在二进制文件中的物理起始位置。

  • 相关阅读:
    国产开源软件
    Tomcat系统架构
    移动端前端常见的触摸相关事件touch、tap、swipe
    spring配置文件详解
    Java获取文件中视频的时长
    java命令行导出、导入sql文件
    Java国密相关算法(bouncycastle)
    Java中将对象转换为Map的方法
    Virtual Box虚拟机下CentOS网络设置
    VirtualBox安装虚拟机全过程
  • 原文地址:https://www.cnblogs.com/orange-CC/p/12378142.html
Copyright © 2020-2023  润新知