MySQL性能监控与安全管理的完整指南

-- 检查 Performance Schema 状态
SHOW VARIABLES LIKE 'performance_schema';
SELECT * FROM performance_schema.setup_instruments WHERE ENABLED='YES' LIMIT 10;

-- 查看当前正在运行的查询
SELECT * FROM performance_schema.threads 
WHERE PROCESSLIST_ID IS NOT NULL;
 
-- 分析查询执行详情
SELECT * FROM performance_schema.events_statements_current 
WHERE THREAD_ID = (SELECT THREAD_ID FROM performance_schema.threads 
                  WHERE PROCESSLIST_ID = CONNECTION_ID());

-- 查看文件I/O等待情况
SELECT * FROM performance_schema.file_summary_by_event_name 
WHERE EVENT_NAME LIKE 'wait/io/file/%'
ORDER BY SUM_TIMER_WAIT DESC;
 
-- 分析表I/O性能
SELECT * FROM performance_schema.table_io_waits_summary_by_table 
WHERE OBJECT_SCHEMA = 'your_database';

-- 查看当前锁等待情况
SELECT * FROM performance_schema.data_lock_waits;
 
-- 分析锁统计信息
SELECT * FROM performance_schema.metadata_locks;

-- 查看 Sys Schema 中的所有视图
SELECT table_name, table_comment 
FROM information_schema.tables 
WHERE table_schema = 'sys' 
AND table_type = 'VIEW';

-- 查看当前会话性能统计
SELECT * FROM sys.session 
WHERE conn_id = CONNECTION_ID();
 
-- 查看所有活动会话
SELECT * FROM sys.processlist 
WHERE command != 'Sleep';
 
-- 会话I/O统计
SELECT * FROM sys.io_global_by_file_by_bytes 
LIMIT 10;

-- 查看内存分配情况
SELECT * FROM sys.memory_global_total;
SELECT * FROM sys.memory_by_thread_by_current_bytes;
 
-- 缓冲池使用情况
SELECT * FROM sys.innodb_buffer_stats_by_schema;

-- 查看慢SQL统计
SELECT * FROM sys.statements_with_full_table_scans;
SELECT * FROM sys.statements_with_sorting;
SELECT * FROM sys.statements_with_temp_tables;
 
-- 最消耗资源的查询
SELECT * FROM sys.statement_analysis 
ORDER BY avg_latency DESC 
LIMIT 10;

-- 检查审计插件状态
SELECT PLUGIN_NAME, PLUGIN_STATUS 
FROM INFORMATION_SCHEMA.PLUGINS 
WHERE PLUGIN_NAME LIKE '%audit%';
 
-- 查看审计配置
SHOW VARIABLES LIKE 'audit%';

-- 安装审计过滤器（企业版功能）
-- 引用文档中提到的脚本：audit_log_filter_linux_install.sql
-- 此脚本配置基于规则的MySQL审计功能
 
-- 创建审计过滤器
SELECT audit_log_filter_set_filter('log_all', '{
    "filter": {
        "class": {
            "name": "general",
            "event": {
                "name": "status",
                "log": true
            }
        }
    }
}');
 
-- 将过滤器分配给用户
SELECT audit_log_filter_set_user('%', 'log_all');

-- 查看审计日志状态
SELECT * FROM mysql.audit_log_filter;
SELECT * FROM mysql.audit_log_user;
 
-- 旋转审计日志
SET GLOBAL audit_log_flush = ON;

-- 监控复制状态
SHOW SLAVE STATUS;
SHOW MASTER STATUS;
 
-- 监控InnoDB状态
SHOW ENGINE INNODB STATUS;
 
-- 监控锁等待
SELECT * FROM sys.innodb_lock_waits;

-- 用户权限审计
SELECT * FROM mysql.user;
SELECT * FROM information_schema.user_privileges;
 
-- 安全配置检查
SHOW VARIABLES LIKE 'validate_password%';

-- 查看完整进程列表
SHOW FULL PROCESSLIST;
 
-- 等价的信息Schema查询
SELECT * FROM information_schema.processlist;

-- 终止特定连接
KILL 12345;

-- 按用户分组统计连接数
SELECT USER, COUNT(*) as connection_count 
FROM information_schema.processlist 
GROUP BY USER;

-- 分析连接来源分布
SELECT SUBSTRING_INDEX(HOST, ':', 1) as client_host, COUNT(*)
FROM information_schema.processlist 
GROUP BY client_host;

-- 查看各数据库的连接分布
SELECT db, COUNT(*) as connections 
FROM information_schema.processlist 
WHERE db IS NOT NULL 
GROUP BY db;

-- 分析命令类型分布
SELECT command, COUNT(*) as count 
FROM information_schema.processlist 
GROUP BY command 
ORDER BY count DESC;

-- 查找长时间运行的查询
SELECT * FROM information_schema.processlist 
WHERE TIME > 60 
ORDER BY TIME DESC;

-- 分析线程状态
SELECT state, COUNT(*) as count 
FROM information_schema.processlist 
WHERE state IS NOT NULL 
GROUP BY state 
ORDER BY count DESC;

-- 查看正在执行的查询
SELECT id, user, host, db, time, state, LEFT(info, 50) as query_preview
FROM information_schema.processlist 
WHERE info IS NOT NULL 
AND command != 'Sleep';

-- 查看用户账户基本信息
SELECT user, host, authentication_string, account_locked, password_expired
FROM mysql.user;
 
-- 查看用户权限详情
SHOW GRANTS FOR 'username'@'host';

-- 查找使用通配符的主机名（安全风险）
SELECT user, host FROM mysql.user 
WHERE host LIKE '%\%' OR host = '%';
 
-- 安全的用户定义示例
CREATE USER 'app_user'@'192.168.1.%' IDENTIFIED BY 'secure_password';
CREATE USER 'readonly_user'@'10.0.0.100' IDENTIFIED BY 'secure_password';

-- 创建角色
CREATE ROLE 'read_only', 'write_only', 'admin_role';
 
-- 为角色分配权限
GRANT SELECT ON database.* TO 'read_only';
GRANT INSERT, UPDATE, DELETE ON database.* TO 'write_only';
GRANT ALL PRIVILEGES ON database.* TO 'admin_role';
 
-- 将角色分配给用户
GRANT 'read_only' TO 'app_user'@'localhost';
GRANT 'admin_role' TO 'dba_user'@'localhost';

-- 查看当前角色
SELECT CURRENT_ROLE();
 
-- 激活角色
SET ROLE 'read_only';
 
-- 设置默认角色
SET DEFAULT ROLE 'read_only' TO 'app_user'@'localhost';

-- 创建角色（默认被锁定）
CREATE ROLE 'r_admin';
 
-- 验证角色状态
SELECT user, host, account_locked 
FROM mysql.user 
WHERE user = 'r_admin';
 
-- 将角色转换为可登录账户
ALTER USER 'r_admin' IDENTIFIED BY 'secure_password' ACCOUNT UNLOCK;
 
-- 验证转换结果
SELECT user, host, account_locked 
FROM mysql.user 
WHERE user = 'r_admin';

-- 授予FILE权限（谨慎使用）
GRANT FILE ON *.* TO 'backup_user'@'localhost';
 
-- FILE权限的使用场景
-- 1. SELECT ... INTO OUTFILE
SELECT * FROM sales_data INTO OUTFILE '/tmp/sales_backup.csv';
-- 2. LOAD DATA INFILE
LOAD DATA INFILE '/tmp/updated_data.csv' INTO TABLE sales_data;

-- 授予PROCESS权限
GRANT PROCESS ON *.* TO 'monitor_user'@'localhost';
 
-- PROCESS权限的使用
SHOW PROCESSLIST;
SELECT * FROM information_schema.processlist;
 
-- 监控应用示例
SELECT * FROM sys.processlist 
WHERE command != 'Sleep' 
AND time > 60;

-- 授予RELOAD权限
GRANT RELOAD ON *.* TO 'maintenance_user'@'localhost';
 
-- RELOAD权限的使用场景
FLUSH TABLES;
FLUSH LOGS;
FLUSH PRIVILEGES;
FLUSH STATUS;

-- 授予权限并允许转授
GRANT SELECT, INSERT ON database.* TO 'manager_user'@'localhost' 
WITH GRANT OPTION;
 
-- 被授权用户可以继续授权给其他用户
-- （以manager_user身份执行）
GRANT SELECT ON database.table1 TO 'team_user'@'localhost';

-- 授予角色并允许转授
GRANT 'admin_role' TO 'senior_dba'@'localhost' 
WITH ADMIN OPTION;
 
-- 被授权用户可以继续分配角色
-- （以senior_dba身份执行）
GRANT 'admin_role' TO 'junior_dba'@'localhost';