Filtering by users for audit log plugin
Add two global variables:
- audit_log_
- audit_log_
The value can be NULL or a comma-separated list of accounts in the form
user@host or 'user'@'host' (if the user or host contains a comma).
Only one variable can be non-NULL at a time. If one is set to a non-NULL
value, an attempt to set the other one will fail. An empty string means
an empty list.
Change of audit_log_
audit_log_
Example:
mysql> SET GLOBAL audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> SET GLOBAL audit_log_
ERROR 1231 (42000): Variable 'audit_
mysql> SET GLOBAL audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> SET GLOBAL audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> SET GLOBAL audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> SET GLOBAL audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> SET GLOBAL audit_log_
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT @@audit_
| @@audit_
| 'user'@'host' |
1 row in set (0.00 sec)
Account names for 5.6 are the ones logged in the audit log; for 5.7 they
are the ones from the `mysql.user' table. For example, we created a user:
mysql> create user 'user1'@'%' identified by '111';
Query OK, 0 rows affected (0.00 sec)
This is what we see when `user1' connects from `localhost':
,----
| <AUDIT_RECORD
| NAME="Connect"
| RECORD=
| TIMESTAMP=
| CONNECTION_ID="6"
| STATUS="0"
| USER="user1" ;; this is a 'user' part of account in 5.6
| PRIV_USER="user1"
| OS_LOGIN=""
| PROXY_USER=""
| HOST="localhost" ;; this is a 'host' part of account in 5.6
| IP=""
| DB=""
| />
`----
To exclude `user1' from logging in 5.6 we must set:
SET GLOBAL audit_log_
In 5.7:
SET GLOBAL audit_log_
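An added example, not part of the blueprint or of the plugin's own code: a Python model of the account-list format and the filtering decision described above, showing why an entry written for 5.7 (account from `mysql.user') does not match the account that 5.6 records in the audit log. Assumptions: function names are hypothetical, accounts are compared as exact (user, host) pairs, quotes carry no escape sequences, and an empty include list logs nothing.

```python
def _split(text, sep):
    """Split on sep, ignoring separators inside single quotes."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == "'":
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if quoted:
        raise ValueError("unterminated quote in account list")
    parts.append("".join(buf))
    return parts

def _unquote(part):
    """Strip whitespace and one pair of surrounding single quotes."""
    part = part.strip()
    if len(part) >= 2 and part[0] == part[-1] == "'":
        return part[1:-1]
    return part

def parse_accounts(value):
    """None (SQL NULL) -> None, meaning the list is unset; '' -> empty list."""
    if value is None:
        return None
    accounts = set()
    if value.strip():
        for item in _split(value, ","):
            pieces = _split(item, "@")
            if len(pieces) != 2:
                raise ValueError(f"expected user@host, got {item!r}")
            accounts.add((_unquote(pieces[0]), _unquote(pieces[1])))
    return frozenset(accounts)

def should_log(user, host, include=None, exclude=None):
    """Decide whether an event for (user, host) is written to the audit log."""
    if include is not None and exclude is not None:
        raise ValueError("only one of the two lists may be non-NULL")
    if include is not None:
        return (user, host) in include       # assumption: exact match
    if exclude is not None:
        return (user, host) not in exclude
    return True  # both NULL: no account filtering

# Constructed sample values, not taken from a real server.
EXCLUDE_56 = parse_accounts("user1@localhost")  # account as logged (5.6)
EXCLUDE_57 = parse_accounts("'user1'@'%'")      # account from mysql.user (5.7)
```

After an upgrade or a filter change, compare the USER/HOST values in fresh audit records against the configured list to confirm the intended accounts are still being logged or excluded.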
Blueprint information
- Status: Complete
- Approver: None
- Priority: Medium
- Drafter: Sergei Glushchenko
- Direction: Approved
- Assignee: Sergei Glushchenko
- Definition: Approved
- Series goal: Accepted for 5.6
- Implementation: Implemented
- Milestone target: 5.6.32-78.0
- Started by: Sergei Glushchenko
- Completed by: Sergei Glushchenko
Related bugs
Bug #1455432: Audit log plugin should allow to include or exclude logging for specific users (Fix Released)