SERVER_AUDIT plugin
You are viewing an old version of this article. View
the current version here.
The purpose of the SERVER_AUDIT plugin is to log the server's activity.
Installation
server_audit.so
should be copied to the proper directory, after which the plugin is installed:
INSTALL PLUGIN server_audit SONAME 'server_audit';
Log content
There are 3 types of log records.
CONNECTION | informs about connected/disconnected users |
QUERY | queries issued and their results |
TABLE | which tables were affected by query execution |
Variables
The plugin defines a number of variables shaping the way it works.
Variable | Description |
---|---|
server_audit_output_type | Specifies the desired output type. Can be SYSLOG or FILE . For example: SET GLOBAL server_audit_output_type=file file: log records will be saved into the rotating log file. The name of the file set by 'server_audit_file_path' variable. syslog: log records will be sent to the local syslogd daemon with the standard <syslog.h> API. |
server_audit_logging | Enables/disables the logging. Expected values are ON/OFF. For example: SET GLOBAL server_audit_logging=on |
If the server_audit_output_type is FILE, this will acually create/open the logfile so the 'server_audit_file_path' should be properly specified. |
server_audit_events | If set it specifies the set of types of events to log. Can be CONNECT, QUERY and TABLE. For example: SET GLOBAL server_audit_events='connect, query' |
server_audit_file_path | When 'server_audit_output_type=file', it sets the path to the log file. |
server_audit_file_rotate_size | When 'server_audit_output_type=file', it limits the size of the log file. Reaching that limit turns on the rotation - the current log file is renamed as 'file_path.1'. The empty log file is created as 'file_path' to log into it. |
server_audit_file_rotations | When 'server_audit_output_type=file', it specifies the number of rotations to save. |
server_audit_rotate_now | When 'server_audit_output_type=file', the user can force the log file rotation by SET-ting any value to this variable. |
server_audit_incl_users | If not empty, it contains the list of users whose activity will be logged. For example: SET GLOBAL server_audit_incl_users='user_foo, user_bar' CONNECT records aren't affected by this variable - they are logged always. |
server_audit_syslog_facility | SYSLOG-mode variable. It defines the 'facility' of the records that will be sent to the syslog. Later the log can be filtered by this parameter. Possible values are: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_FTP, LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4, LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7 |
server_audit_syslog_ident | SYSLOG-mode variable. String value for the 'ident' part of each syslog record. Default value is 'mysql-server_auditing'. New value becomes effective only after restarting the logging. |
server_audit_syslog_info | SYSLOG-mode variable. The 'info' string to be added to the syslog records. Can be changed any time. |
server_audit_syslog_priority | SYSLOG-mode variable. Defines for the syslogd the priority of the log records. Possible values: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG . |
server_audit_excl_users | If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar' CONNECT records aren't affected by this variable - they are logged always. |
Comments
Comments loading...
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.