Doris审计插件的安装

恩慈2年前技术文章1122

插件下载地址:https://doris.apache.org/download

1.安装Doris审计插件

(1)解压 Audit Loader 插件

步骤1. 复制插件文件

cp  /opt/dtstack/Doris/extensions/audit_loader/auditloader.zip

/opt/dtstack/Doris/fe/plugins/

 

步骤2. 进入目录并解压插件包

cd /opt/dtstack/Doris/fe/plugins/

unzip auditloader.zip

 

(2)修改配置

vi plugin.conf

 

配置说明

frontend_host_portFE 节点 IP 地址和 HTTP 端口,格式为 <fe_ip>:<fe_http_port>。 默认值为 127.0.0.1:8030

database:审计日志库名。

audit_log_table:审计日志表名。

slow_log_table:慢查询日志表名。

enable_slow_log:是否开启慢查询日志导入功能。默认值为 false

user:集群用户名。该用户必须具有对应表的 INSERT 权限。

password:集群用户密码。

image.png 

 

(3)重新打包 Audit Loader 插件

zip -r -q -m auditloader.zip auditloader.jar plugin.properties plugin.conf

(4)创建库表

若需开启慢查询日志导入功能,还需要额外创建慢表 doris_slow_log_tbl__,其表结构与 doris_audit_log_tbl__ 一致。其中 dynamic_partition 属性根据自己的需要,选择审计日志保留的天数。

create database doris_audit_db__;

 

create table doris_audit_db__.doris_audit_log_tbl__

(

    query_id varchar(48) comment "Unique query id",

    `time` datetime not null comment "Query start time",

    client_ip varchar(32) comment "Client IP",

    user varchar(64) comment "User name",

    db varchar(96) comment "Database of this query",

    state varchar(8) comment "Query result state. EOF, ERR, OK",

    error_code int comment "Error code of failing query.",

    error_message string comment "Error message of failing query.",

    query_time bigint comment "Query execution time in millisecond",

    scan_bytes bigint comment "Total scan bytes of this query",

    scan_rows bigint comment "Total scan rows of this query",

    return_rows bigint comment "Returned rows of this query",

    stmt_id int comment "An incremental id of statement",

    is_query tinyint comment "Is this statemt a query. 1 or 0",

    frontend_ip varchar(32) comment "Frontend ip of executing this statement",

    cpu_time_ms bigint comment "Total scan cpu time in millisecond of this query",

    sql_hash varchar(48) comment "Hash value for this query",

    sql_digest varchar(48) comment "Sql digest for this query",

    peak_memory_bytes bigint comment "Peak memory bytes used on all backends of this query",

    stmt string comment "The original statement, trimed if longer than 2G"

) engine=OLAP

duplicate key(query_id, `time`, client_ip)

partition by range(`time`) ()

distributed by hash(query_id) buckets 1

properties(

    "dynamic_partition.time_unit" = "DAY",

    "dynamic_partition.start" = "-30",

    "dynamic_partition.end" = "3",

    "dynamic_partition.prefix" = "p",

    "dynamic_partition.buckets" = "1",

    "dynamic_partition.enable" = "true",

    "replication_num" = "3"

);

 

create table doris_audit_db__.doris_slow_log_tbl__

(

    query_id varchar(48) comment "Unique query id",

    `time` datetime not null comment "Query start time",

    client_ip varchar(32) comment "Client IP",

    user varchar(64) comment "User name",

    db varchar(96) comment "Database of this query",

    state varchar(8) comment "Query result state. EOF, ERR, OK",

    error_code int comment "Error code of failing query.",

    error_message string comment "Error message of failing query.",

    query_time bigint comment "Query execution time in millisecond",

    scan_bytes bigint comment "Total scan bytes of this query",

    scan_rows bigint comment "Total scan rows of this query",

    return_rows bigint comment "Returned rows of this query",

    stmt_id int comment "An incremental id of statement",

    is_query tinyint comment "Is this statemt a query. 1 or 0",

    frontend_ip varchar(32) comment "Frontend ip of executing this statement",

    cpu_time_ms bigint comment "Total scan cpu time in millisecond of this query",

    sql_hash varchar(48) comment "Hash value for this query",

    sql_digest varchar(48) comment "Sql digest for this query",

    peak_memory_bytes bigint comment "Peak memory bytes used on all backends of this query",

    stmt string comment "The original statement, trimed if longer than 2G "

) engine=OLAP

duplicate key(query_id, `time`, client_ip)

partition by range(`time`) ()

distributed by hash(query_id) buckets 1

properties(

    "dynamic_partition.time_unit" = "DAY",

    "dynamic_partition.start" = "-30",

    "dynamic_partition.end" = "3",

    "dynamic_partition.prefix" = "p",

    "dynamic_partition.buckets" = "1",

    "dynamic_partition.enable" = "true",

    "replication_num" = "3"

);

(5)部署

步骤1. 拷贝auditloader.zip

将重新打包的zip拷贝到所有 FE /opt/dtstack/Doris/fe/plugins/目录

 

步骤2. 连接FE

mysql -uroot -P9030 -h127.0.0.1

 

步骤3. 执行安装命令

INSTALL PLUGIN FROM /opt/dtstack/Doris/fe/plugins/auditloader.zip


相关文章

数据湖技术之iceberg(十一)Flink与Iceberg整合-DataStream API

数据湖技术之iceberg(十一)Flink与Iceberg整合-DataStream API

1.实时写入Iceberg表DataStream Api方式操作Iceberg方式目前仅支持Java Api。使用DataStream API 实时写入Iceberg表具体操作如下:2、编写代码使用D...

netca报错UnsatisfiedLinkError exception loading native library

1、netca报错:UnsatisfiedLinkError exception loading native library: njni11报错:[oracle@test-db ~]$ netca...

Yarn调度器对比

1)Hadoop调度器重要分为三类:FIFO 、Capacity Scheduler(容量调度器)和Fair Sceduler(公平调度器)。Apache默认的资源调度器是容量调度器;CDH...

shell脚本-expect

shell脚本-expect

一、概述       Expect是建立在tcl基础上的一个工具,Expect 是用来进行自动化控制和测试的工具。主要解决shell脚本中不可交互的问题。       在一些需要交互输入指令的场景下,...

Kafka数据恢复

一、增量恢复增量恢复需要使用 MirrorMaker 来实现,下面是 MirrorMaker 的用法示例:# 创建MirrorMaker 配置文件cat > /tmp/mirror-maker....

ES基础知识介绍

ES 核心概念ES 是使用 Java 编写的一种开源搜索引擎,它在内部使用 Lucene 做索引与搜索,通过对 Lucene 的封装,隐藏了 Lucene 的复杂性,取而代之的提供一套简单一致的 RE...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。