Doris审计插件的安装

恩慈2年前技术文章1294

插件下载地址:https://doris.apache.org/download

1.安装Doris审计插件

(1)解压 Audit Loader 插件

步骤1. 复制插件文件

cp  /opt/dtstack/Doris/extensions/audit_loader/auditloader.zip

/opt/dtstack/Doris/fe/plugins/

 

步骤2. 进入目录并解压插件包

cd /opt/dtstack/Doris/fe/plugins/

unzip auditloader.zip

 

(2)修改配置

vi plugin.conf

 

配置说明

frontend_host_portFE 节点 IP 地址和 HTTP 端口,格式为 <fe_ip>:<fe_http_port>。 默认值为 127.0.0.1:8030

database:审计日志库名。

audit_log_table:审计日志表名。

slow_log_table:慢查询日志表名。

enable_slow_log:是否开启慢查询日志导入功能。默认值为 false

user:集群用户名。该用户必须具有对应表的 INSERT 权限。

password:集群用户密码。

image.png 

 

(3)重新打包 Audit Loader 插件

zip -r -q -m auditloader.zip auditloader.jar plugin.properties plugin.conf

(4)创建库表

若需开启慢查询日志导入功能,还需要额外创建慢表 doris_slow_log_tbl__,其表结构与 doris_audit_log_tbl__ 一致。其中 dynamic_partition 属性根据自己的需要,选择审计日志保留的天数。

create database doris_audit_db__;

 

create table doris_audit_db__.doris_audit_log_tbl__

(

    query_id varchar(48) comment "Unique query id",

    `time` datetime not null comment "Query start time",

    client_ip varchar(32) comment "Client IP",

    user varchar(64) comment "User name",

    db varchar(96) comment "Database of this query",

    state varchar(8) comment "Query result state. EOF, ERR, OK",

    error_code int comment "Error code of failing query.",

    error_message string comment "Error message of failing query.",

    query_time bigint comment "Query execution time in millisecond",

    scan_bytes bigint comment "Total scan bytes of this query",

    scan_rows bigint comment "Total scan rows of this query",

    return_rows bigint comment "Returned rows of this query",

    stmt_id int comment "An incremental id of statement",

    is_query tinyint comment "Is this statemt a query. 1 or 0",

    frontend_ip varchar(32) comment "Frontend ip of executing this statement",

    cpu_time_ms bigint comment "Total scan cpu time in millisecond of this query",

    sql_hash varchar(48) comment "Hash value for this query",

    sql_digest varchar(48) comment "Sql digest for this query",

    peak_memory_bytes bigint comment "Peak memory bytes used on all backends of this query",

    stmt string comment "The original statement, trimed if longer than 2G"

) engine=OLAP

duplicate key(query_id, `time`, client_ip)

partition by range(`time`) ()

distributed by hash(query_id) buckets 1

properties(

    "dynamic_partition.time_unit" = "DAY",

    "dynamic_partition.start" = "-30",

    "dynamic_partition.end" = "3",

    "dynamic_partition.prefix" = "p",

    "dynamic_partition.buckets" = "1",

    "dynamic_partition.enable" = "true",

    "replication_num" = "3"

);

 

create table doris_audit_db__.doris_slow_log_tbl__

(

    query_id varchar(48) comment "Unique query id",

    `time` datetime not null comment "Query start time",

    client_ip varchar(32) comment "Client IP",

    user varchar(64) comment "User name",

    db varchar(96) comment "Database of this query",

    state varchar(8) comment "Query result state. EOF, ERR, OK",

    error_code int comment "Error code of failing query.",

    error_message string comment "Error message of failing query.",

    query_time bigint comment "Query execution time in millisecond",

    scan_bytes bigint comment "Total scan bytes of this query",

    scan_rows bigint comment "Total scan rows of this query",

    return_rows bigint comment "Returned rows of this query",

    stmt_id int comment "An incremental id of statement",

    is_query tinyint comment "Is this statemt a query. 1 or 0",

    frontend_ip varchar(32) comment "Frontend ip of executing this statement",

    cpu_time_ms bigint comment "Total scan cpu time in millisecond of this query",

    sql_hash varchar(48) comment "Hash value for this query",

    sql_digest varchar(48) comment "Sql digest for this query",

    peak_memory_bytes bigint comment "Peak memory bytes used on all backends of this query",

    stmt string comment "The original statement, trimed if longer than 2G "

) engine=OLAP

duplicate key(query_id, `time`, client_ip)

partition by range(`time`) ()

distributed by hash(query_id) buckets 1

properties(

    "dynamic_partition.time_unit" = "DAY",

    "dynamic_partition.start" = "-30",

    "dynamic_partition.end" = "3",

    "dynamic_partition.prefix" = "p",

    "dynamic_partition.buckets" = "1",

    "dynamic_partition.enable" = "true",

    "replication_num" = "3"

);

(5)部署

步骤1. 拷贝auditloader.zip

将重新打包的zip拷贝到所有 FE /opt/dtstack/Doris/fe/plugins/目录

 

步骤2. 连接FE

mysql -uroot -P9030 -h127.0.0.1

 

步骤3. 执行安装命令

INSTALL PLUGIN FROM /opt/dtstack/Doris/fe/plugins/auditloader.zip


相关文章

Linux操作系统之Linux命令的返回值

Linux命令执行后无论成功与否都有一个返回值,如果为 0,则表示命令执行成功,其它值则表示执行错误。具体的错误码含义如下:  "OS error code  1: Operation not per...

Linux 文件锁

1、背景Linux 系统定时任务正在执行时,可能会遇到上个周期的任务还没有执行完,这样便会造成相同的任务同一时间有过个任务进程在执行。如果任务有对互斥资源操作时,有可能产生死锁。2、用法参考flock...

CDH实操--kudumaster迁移

CDH实操--kudumaster迁移

1 概述本次kudumaster迁移,中间不需要停kudu集群(会涉及滚动重启kudu角色); 注:若因为任务持续运行导致kudu停止超时可手动一台台停止-启动2 master迁移将cdh2中的ma...

PG的锁(一)

一、表级锁1.1 表级锁模式常见锁模式以及应用场景:ACCESS SHARE :select操作获取该模式锁资源,通常情况下所有只读取不修改表的查询都会获取该模式锁资源ROW SHARE : sele...

借助arthas工具打火焰图

借助arthas工具打火焰图

1、下载arthas在命令行下面执行(使用和目标进程一致的用户启动,否则可能 attach 失败):curl -O https://arthas.aliyun.com/arthas-boot.jar...

flink-hive方言配置(Hive Dialect)

简介       在使用 Hive 方言时,Flink 允许用户用 Hive 语法来编写 SQL 语句。 通过提供与 Hive 语法的兼容性,我们旨在改善与 Hive 的互操作性,并减少用户需要在 F...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。