Location and Rotation of Logs
Logs can be written to a separate file or to the system logs. If you prefer to have the logging separated from other system information, the value of the variable server_audit_output_type should be set to file. Incidentally, file is the only option on Windows systems.
You can force a rotation by enabling the server_audit_file_rotate_now variable like so:
SET GLOBAL server_audit_file_rotate_now = ON;Separate log files
In addition to setting server_audit_output_type, you will have to provide the file path and name of the audit file. This is set in the variable server_audit_file_path. You can set the file size limit of the log file with the variable server_audit_file_rotate_size.
So, if rotation is on and the log file has reached the size limit you set, a copy is created with a consecutive number as extension the original file will be truncated to be used for the auditing again. To limit the number of log files created, set the variable server_audit_file_rotations. You can force log file rotation by setting the variable server_audit_file_rotate_now to a value of ON. When the number of files permitted is reached, the oldest file will be overwritten. Here is how those variables might be set in a server configuration file:
[mysqld]
...
server_audit_file_rotate_now=ON
server_audit_file_rotate_size=1000000
server_audit_file_rotations=5
...System logs
For security reasons, it's better sometimes to use the system logs instead of a local file owned by the mysql user. To do this, the value of server_audit_output_type needs to be set to syslog. Advanced configurations, such as using a remote syslogd service, are part of the syslogd configuration.
The variables, server_audit_syslog_ident and server_audit_syslog_info can be used to identify a system log entry made by the audit plugin. If a remote syslogd service is used for several MariaDB servers, these same variables are also used to identify the MariaDB server.
Here is a system log entry taken from a server which had server_audit_syslog_ident set to the default value of mysql-server_auditing, and server_audit_syslog_info set to <prod1>.
Aug 717:19:58localhostmysql-server_auditing:
<prod1> localhost.localdomain,root,localhost,1,7,
QUERY, mysql, 'SELECT * FROM user',0Although the default values for server_audit_syslog_facility and server_audit_syslog_priority should be sufficient in most cases. They can be changed based on the definition in syslog.h for the functions openlog() and syslog().
This page is licensed: CC BY-SA / Gnu FDL
Last updated
Was this helpful?