SERVER_AUDIT plugin

You are viewing an old version of this article. View the current version here.

The purpose of the SERVER_AUDIT plugin is to log the server's activity.

Installation

server_audit.so should be copied to the proper directory, after which the plugin is installed:

INSTALL PLUGIN server_audit SONAME 'server_audit';

Log content

There are 3 types of log records.

CONNECTIONinforms about connected/disconnected users
QUERYqueries issued and their results
TABLEwhich tables were affected by query execution

Variables

The plugin defines a number of variables shaping the way it works.

VariableDescription
server_audit_output_typeSpecifies the desired output type. Can be SYSLOG or FILE. For example: SET GLOBAL server_audit_output_type=file file: log records will be saved into the rotating log file. The name of the file set by 'server_audit_file_path' variable. syslog: log records will be sent to the local syslogd daemon with the standard <syslog.h> API.
server_audit_loggingEnables/disables the logging. Expected values are ON/OFF. For example: SET GLOBAL server_audit_logging=on

If the server_audit_output_type is FILE, this will acually create/open the logfile so the 'server_audit_file_path' should be properly specified. |

server_audit_eventsIf set it specifies the set of types of events to log. Can be CONNECT, QUERY and TABLE. For example: SET GLOBAL server_audit_events='connect, query'
server_audit_file_pathWhen 'server_audit_output_type=file', it sets the path to the log file.
server_audit_file_rotate_sizeWhen 'server_audit_output_type=file', it limits the size of the log file. Reaching that limit turns on the rotation - the current log file is renamed as 'file_path.1'. The empty log file is created as 'file_path' to log into it.
server_audit_file_rotationsWhen 'server_audit_output_type=file', it specifies the number of rotations to save.
server_audit_rotate_nowWhen 'server_audit_output_type=file', the user can force the log file rotation by SET-ting any value to this variable.
server_audit_incl_usersIf not empty, it contains the list of users whose activity will be logged. For example: SET GLOBAL server_audit_incl_users='user_foo, user_bar' CONNECT records aren't affected by this variable - they are logged always.
server_audit_syslog_facilitySYSLOG-mode variable. It defines the 'facility' of the records that will be sent to the syslog. Later the log can be filtered by this parameter. Possible values are: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS, LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_FTP, LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4, LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7
server_audit_syslog_identSYSLOG-mode variable. String value for the 'ident' part of each syslog record. Default value is 'mysql-server_auditing'. New value becomes effective only after restarting the logging.
server_audit_syslog_infoSYSLOG-mode variable. The 'info' string to be added to the syslog records. Can be changed any time.
server_audit_syslog_prioritySYSLOG-mode variable. Defines for the syslogd the priority of the log records. Possible values: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG .
server_audit_excl_usersIf not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar' CONNECT records aren't affected by this variable - they are logged always.

Status variables

The activity of the plugin can be monitored with the status variables.

Status variableDescription
server_audit_activeIf the auditing is actually working. It gets the ON value when the logging is successfully started. Then it can get the OFF value if the logging was stopped or log records can't be properly stored due to file or syslog errors.
server_audit_current_logThe name of the logfile or the SYSLOG parameters that are in current use.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.