There are a several system variables related to the MariaDB Audit Plugin, once it has been installed. These variables can be displayed using the SHOW VARIABLES statement like so:

SHOW GLOBAL VARIABLES LIKE '%server_audit%';

+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           | CONNECT,QUERY,TABLE   |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size | 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_incl_users       |                       |
| server_audit_logging          | ON                    |
| server_audit_mode             | 0                     |
| server_audit_output_type      | file                  |
| server_audit_query_log_limit  | 1024                  |
| server_audit_syslog_facility  | LOG_USER              |
| server_audit_syslog_ident     | mysql-server_auditing |
| server_audit_syslog_info      |                       |
| server_audit_syslog_priority  | LOG_INFO              |
+-------------------------------+-----------------------+

To change the value of one of these variables, you can use the SET statement, or set them at the command-line when starting MariaDB. It's recommended that you set them in the MariaDB configuration for the server like so:

[mariadb]
...
server_audit_excl_users='bob,ted'
...

System Variables

Below is a list of all system variables related to the Audit Plugin. See Server System Variables for a complete list of system variables and instructions on setting them. See also the full list of MariaDB options, system and status variables. <<toc>>

server_audit_events

  • Description: If set it specifies the set of types of events to log. For example: SET GLOBAL server_audit_events='connect, query'
  • Commandline: --server-audit-events=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string
  • Valid Values: CONNECT, QUERY and TABLE (QUERY_DDL, QUERY_DML added in 1.2.0 and QUERY_DCL added in 1.3.0)

server_audit_excl_users

  • Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. The user is still logged if it's specified in server_audit_incl_users.
  • Commandline: --server-audit-excl-users=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string

server_audit_file_path

  • Description: When server_audit_output_type=file, sets the path and the filename to the log file. If the specified path exists as a directory, then the log will be created inside that directory with the name 'server_audit.log'. Otherwise the value is treated as a filename. The default value is 'server_audit.log', which means this file will be created in the database directory.
  • Commandline: --server-audit-file-path=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: server_audit.log

server_audit_file_rotate_now

  • Description: When server_audit_output_type=file, the user can force the log file rotation by setting this variable to ON or 1.
  • Commandline: --server-audit-rotate-now[={0|1}]
  • Scope: Global
  • Dynamic: Yes
  • Data Type: boolean
  • Default Value: OFF

server_audit_file_rotate_size

  • Description: When server_audit_output_type=file, it limits the size of the log file. Reaching that limit turns on the rotation - the current log file is renamed as 'file_path.1'. The empty log file is created as 'file_path' to log into it. The default value is 100000.
  • Commandline: --server-audit-rotate-size=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1000000

server_audit_file_rotations

  • Description: When server_audit_output_type=file', this specifies the number of rotations to save. If set to 0 then the log never rotates. The default value is 9.
  • Commandline: --server-audit-rotations=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 9
  • Range: 0 to 999

server_audit_incl_users

  • Description: If not empty, it contains a comma-delimited list of users whose activity will be logged. For example: SET GLOBAL server_audit_incl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. This setting has higher priority than server_audit_excl_users. So if the same user is specified both in incl_ and excl_ lists, they will still be logged.
  • Commandline: --server-audit-incl-users=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string

server_audit_loc_info

  • Description: Used by plugin internals. For a user it's read-only and its value has no distinct meaning. The goal is to make it invisible over time.
  • Commandline: N/A
  • Scope: Global
  • Dynamic: No
  • Data Type: string
  • Default Value: Empty string
  • Introduced: MariaDB 5.5.48, MariaDB 10.0.24, MariaDB 10.1.12

server_audit_logging

  • Description: Enables/disables the logging. Expected values are ON/OFF. For example: SET GLOBAL server_audit_logging=on If the server_audit_output_type is FILE, this will actually create/open the logfile so the server_audit_file_path should be properly specified beforehand. Same about the SYSLOG-related parameters. The logging is turned off by default.
  • Commandline: --server-audit-logging[={0|1}]
  • Scope: Global
  • Dynamic: Yes
  • Data Type: boolean
  • Default Value: OFF

server_audit_mode

  • Description: This variable doesn't have any distinctive meaning for a user. Its value mostly reflects the server version with which the plugin was started and is intended to be used by developers for testing.
  • Commandline: --server-audit-mode[=#]

server_audit_output_type

  • Description: Specifies the desired output type. Can be SYSLOG or FILE. For example: SET GLOBAL server_audit_output_type=file file: log records will be saved into the rotating log file. The name of the file set by server_audit_file_path variable. syslog: log records will be sent to the local syslogd daemon with the standard <syslog.h> API. The default value is 'file'.
  • Commandline: --server-audit-output-type=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: enum
  • Default Value: file
  • Valid Values: SYSLOG or FILE

server_audit_query_log_limit

  • Description: Limit on the length of the query string in a record.
  • Commandline: --server-audit-query-log-limit=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1024
  • Range: 0 to 2147483647
  • Introduced: MariaDB 5.5.43, MariaDB 10.0.18, MariaDB 10.1.5

server_audit_syslog_facility

  • Description: SYSLOG-mode variable. It defines the 'facility' of the records that will be sent to the syslog. Later the log can be filtered by this parameter.
  • Commandline: --server-audit-syslog-facility=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: enum
  • Default Value: LOG_USER
  • Valid Values: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_FTP, and LOG_LOCAL0LOG_LOCAL7.

server_audit_syslog_ident

  • Description: SYSLOG-mode variable. String value for the 'ident' part of each syslog record. Default value is 'mysql-server_auditing'. New value becomes effective only after restarting the logging.
  • Commandline: --server-audit-syslog-ident=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: mysql-server_auditing

server_audit_syslog_info

  • Description: SYSLOG-mode variable. The 'info' string to be added to the syslog records. Can be changed any time.
  • Commandline: --server-audit-syslog-info=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: string
  • Default Value: Empty string

server_audit_syslog_priority

  • Description: SYSLOG-mode variable. Defines the priority of the log records for the syslogd.
  • Commandline: --server-audit-syslog-priority=value
  • Scope: Global
  • Dynamic: Yes
  • Data Type: enum
  • Default Value: LOG_INFO
  • Valid Values:LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG

Comments

Comments loading...