6,如何查看何跟踪用户行为记录。
去MySQL数据库服务器上查看binlog,应该thread_id=1的binlog记录。
[root@db_serverbinlog]# /usr/local/mysql/bin/mysqlbinlog --base64-output=DECODE-ROWS mysql-bin.000018 -v>3.log
[root@db_serverbinlog]# vim 3.log
# at 1103
#140728 20:12:48server id 72 end_log_pos 1175 CRC32 0xa323c00e Query thread_id=1 exec_time=0 error_code=0
SETTIMESTAMP=1406549568/*!*/;
BEGIN
/*!*/;
# at 1175
#140728 20:12:48server id 72 end_log_pos 1229 CRC32 0xbb8ca914 Table_map: `test`.`t1` mapped to number 72
# at 1229
#140728 20:12:48server id 72 end_log_pos 1272 CRC32 0x8eed1450 Write_rows: table id 72 flags: STMT_END_F
### INSERT INTO `test`.`t1`
### SET
### @1=5
### @2='t5'
# at 1272
#140728 20:12:48server id 72 end_log_pos 1303 CRC32 0x72b26336 Xid = 14
COMMIT/*!*/;
看到thread_id=1,然后,就可以根据thread_id=1来判断执行这条insert命令的来源,还可以在mysql服务器上执行show full processlist;来得到MySQL客户端的请求端口,
mysql> showfull processlist;
+----+------------+-------------------+------+---------+------+-------+-----------------------+
| Id | User | Host |db | Command | Time | State | Info |
+----+------------+-------------------+------+---------+------+-------+-----------------------+
| 1 |audit_user | 192.168.3.62:44657 | test | Sleep | 162 | | NULL |
| 3 | root | localhost | NULL | Query | 0 | init | show full processlist |
+----+------------+-------------------+------+---------+------+-------+-----------------------+
2 rows in set(0.00 sec)
mysql>
看到Id为1的线程,端口是44657。
我们切换回mysql客户端,去查看端口是44657的是什么进程,如下所示:
[tim@db_client~]$ netstat -antlp |grep 44657
(Not allprocesses could be identified, non-owned process info
will not beshown, you would have to be root to see it all.)
tcp 0 0 192.168.3.62:44657 192.168.1.12:3307 ESTABLISHED 6335/mysql
[tim@db_client~]$
获取到该进程的PID,再通过ps -eaf得到该进程所执行的命令,如下所示:
[tim@db_client~]$ ps -eaf|grep 6335
tim 633525497 0 19:59 pts/1 00:00:00 mysql -uaudit_user -p -h192.168.1.12 -P3307
tim 6993 6906 0 20:16 pts/2 00:00:00 grep 6335
[tim@db_client ~]$
最后查到是通过mysql客户端登陆连接的。加入这个6335是某个web工程的,那么,也可以根据ps-eaf命令查询得到web工程的进程信息。