Mi&Bee Blog
中文

Monitoring Collection Notes

Observability MySQL, Tcp, Linux, Monitoring Collection 407 words 2 min read

MySQL Monitoring

MySQL Privilege Best Practices

Privilege control is primarily for security reasons, so follow these best practices:

  1. Grant only the minimum privileges needed to prevent users from doing harm. For example, if a user only needs to query, just grant SELECT privileges, not UPDATE, INSERT, or DELETE.
  2. Restrict the login host when creating users, typically to a specific IP or internal network IP range.
  3. Delete users without passwords after initializing the database. The installation automatically creates some users with no passwords by default.
  4. Set passwords that meet complexity requirements for each user.
  5. Periodically clean up unnecessary users. Revoke privileges or delete users.

Example:

For MySQL monitoring, create a monitoring account with separate grants for local and remote monitoring:

sql
1
2

GRANT USAGE,PROCESS,REPLICATION CLIENT,REPLICATION SLAVE ON *.* TO 'monitor'@'10.12.%' IDENTIFIED BY 'xxx';
GRANT USAGE,SUPER,PROCESS,REPLICATION CLIENT,REPLICATION SLAVE ON *.* TO 'monitor'@'localhost' IDENTIFIED BY 'xxx';

Monitoring Methods

show global status; View global status show global variables; View global variable settings mysqladmin MySQL management tool show master status; View Master status show slave status; View Slave status show binary logs; View binary log files show engine innodb status\G View InnoDB storage engine status show engine myisam status\G View MyISAM storage engine status

You can also query the information_schema database to get InnoDB storage engine related information.

Privilege Table

PrivilegePrivilege LevelDescription
CREATEDatabase, table, or indexCreate database, table, or index
DROPDatabase or tableDrop database or table
GRANT OPTIONDatabase, table, or stored programGrant privilege option
REFERENCESDatabase or table
ALTERTableAlter table, such as adding fields, indexes
DELETETableDelete data
INDEXTableIndex privilege
INSERTTableInsert privilege
SELECTTableQuery privilege
UPDATETableUpdate privilege
CREATE VIEWViewCreate view
SHOW VIEWViewView view
ALTER ROUTINEStored procedureAlter stored procedure
CREATE ROUTINEStored procedureCreate stored procedure
EXECUTEStored procedureExecute stored procedure
FILEFile access on server hostFile access privilege
CREATE TEMPORARY TABLESServer managementCreate temporary table
LOCK TABLESServer managementLock table
CREATE USERServer managementCreate user
PROCESSServer managementView process
RELOADServer managementExecute flush-hosts, flush-logs, flush-privileges, flush-status,
flush-tables, flush-threads, refresh, reload commands
REPLICATION CLIENTServer managementReplication privilege
REPLICATION SLAVEServer managementReplication privilege
SHOW DATABASESServer managementView databases
SHUTDOWNServer managementShutdown database
SUPERServer managementExecute kill thread privilege

TCP

Figure:

This diagram details the distribution of various protocols in the TCP/IP protocol suite within the OSI model.