Audit Log Plugin
Audit Log Plugin for MySQL and Percona Server
Blueprint information
- Status:
- Complete
- Approver:
- Alexey Kopytov
- Priority:
- High
- Drafter:
- Sergei Glushchenko
- Direction:
- Approved
- Assignee:
- Sergei Glushchenko
- Definition:
- Approved
- Series goal:
- Accepted for 5.5
- Implementation:
- Implemented
- Milestone target:
- 5.5.37-35.0
- Started by
- Sergei Glushchenko
- Completed by
- Laurynas Biveinis
Related bugs
Sprints
Whiteboard
Develop Audit Log Plugin similar to Oracle plugin http://
Audit Log plugin produces the log of following events in XML format:
- Connects/
- Queries
- Audit
Each event has NAME field, it's own unique RECORD_ID field and
TIMESTAMP field.
Audit event
Audit event indicates that audit logging started or finished. NAME is
"Audit" when logging started and "NoAudit" when logging
finished. Audit record also includes server version and command-line
arguments.
Connects/
Connect record has NAME "Connect" when user logged in or login failed
or "Quit" when connection closed. Additional fields are CONNECTION_ID,
STATUS, USER, PRIV_USER, OS_LOGIN, PROXY_USER, HOST, IP, DB. STATUS
is 0 for successful logins and non-zeron for failed logins.
Queries
Additional fields are COMMAND_CLASS, CONNECTION_ID, STATUS (indicates
error when non-zero), SQLTEXT (text of SQL-statement, for 5.6 it is
rewritten to exclude passwords by default, it can be changed by using
--log-raw option, too long queries are trimmed), USER, HOST, OS_USER,
IP. NAME for query event can be "Query", "Prepare", "Execute", "Change user", etc.
COMMAND_CLASS is the values come from the com_status_vars array in the
sql/mysqld.cc file in a MySQL source distribution. Examples are
"select", "alter_table", "create_table", etc.
Logging control
Logging can be done to file directly or via memory buffer. Following
values of audit_log_strategy (static) control it:
- ASYNCHRONOUS (default) log using memory buffer, do not drop messages if buffer is full
- PERFORMANCE log using memory buffer, drop messages if buffer is full
- SEMISYNCHRONOUS log directly to file, do not flush and sync every event
- SYNCHRONOUS log directly to file, flush and sync every event
audit_log_file (static) controls file name to log into. It contains
path relative datadir or absolute path.
audit_log_flush (dynamic) - set ON to close and reopen log file. Useful to make
manual log file rotation.
audit_log_
buffer for logging, used when audit_log_strategy is ASYNCHRONOUS or
PERFORMANCE.
audit_log_format (static, OLD|NEW, default = OLD) when set to OLD log
record properties as XML attributes, or as XML tags when NEW.
audit_log_policy (dynamic, default is ALL) to log ALL events, only
LOGINS, only QUERIES, or NONE.
audit_log_
log file when it grew bigger than specified amount of bytes.
audit_log_rotations (static, default is 0) when
audit_log_
keep.