Percona Server moved to https://jira.percona.com/projects/PS

Audit Log Plugin

Registered by Sergei Glushchenko

Audit Log Plugin for MySQL and Percona Server

Blueprint information

Status:
Complete
Approver:
Alexey Kopytov
Priority:
High
Drafter:
Sergei Glushchenko
Direction:
Approved
Assignee:
Sergei Glushchenko
Definition:
Approved
Series goal:
Accepted for 5.5
Implementation:
Implemented
Milestone target:
milestone icon 5.5.37-35.0
Started by
Sergei Glushchenko
Completed by
Laurynas Biveinis

Sprints

Whiteboard

Develop Audit Log Plugin similar to Oracle plugin http://dev.mysql.com/doc/refman/5.5/en/audit-log-plugin.html

Audit Log plugin produces the log of following events in XML format:

- Connects/Disconnects

- Queries

- Audit

Each event has NAME field, it's own unique RECORD_ID field and
TIMESTAMP field.

Audit event

Audit event indicates that audit logging started or finished. NAME is
"Audit" when logging started and "NoAudit" when logging
finished. Audit record also includes server version and command-line
arguments.

Connects/Disconnects

Connect record has NAME "Connect" when user logged in or login failed
or "Quit" when connection closed. Additional fields are CONNECTION_ID,
STATUS, USER, PRIV_USER, OS_LOGIN, PROXY_USER, HOST, IP, DB. STATUS
is 0 for successful logins and non-zeron for failed logins.

Queries

Additional fields are COMMAND_CLASS, CONNECTION_ID, STATUS (indicates
error when non-zero), SQLTEXT (text of SQL-statement, for 5.6 it is
rewritten to exclude passwords by default, it can be changed by using
--log-raw option, too long queries are trimmed), USER, HOST, OS_USER,
IP. NAME for query event can be "Query", "Prepare", "Execute", "Change user", etc.

COMMAND_CLASS is the values come from the com_status_vars array in the
sql/mysqld.cc file in a MySQL source distribution. Examples are
"select", "alter_table", "create_table", etc.

Logging control

Logging can be done to file directly or via memory buffer. Following
values of audit_log_strategy (static) control it:

- ASYNCHRONOUS (default) log using memory buffer, do not drop messages if buffer is full

- PERFORMANCE log using memory buffer, drop messages if buffer is full

- SEMISYNCHRONOUS log directly to file, do not flush and sync every event

- SYNCHRONOUS log directly to file, flush and sync every event

audit_log_file (static) controls file name to log into. It contains
path relative datadir or absolute path.

audit_log_flush (dynamic) - set ON to close and reopen log file. Useful to make
manual log file rotation.

audit_log_buffer_size (static, default is 4096) - size of memory
buffer for logging, used when audit_log_strategy is ASYNCHRONOUS or
PERFORMANCE.

audit_log_format (static, OLD|NEW, default = OLD) when set to OLD log
record properties as XML attributes, or as XML tags when NEW.

audit_log_policy (dynamic, default is ALL) to log ALL events, only
LOGINS, only QUERIES, or NONE.

audit_log_rotate_on_size (static, default is 0) when non-zero rotate
log file when it grew bigger than specified amount of bytes.

audit_log_rotations (static, default is 0) when
audit_log_rotate_on_size is non-zero specify the number of logs to
keep.

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.