Sometimes having too much information in the logs can be dangerous and information can somehow be leaked to log files.
One example is when creating a new user, the user password would be written in plain text to the log file:
{"msg-type":"activity","date":"1348244195261","thread-id":"38","query-id":"126","user":"root","priv_user":"root","host":"localhost","ip":"127.0.0.1","cmd":"create_user","query":"CREATE USER 'T'@'%' IDENTIFIED BY 'AAA'"}
{"msg-type":"activity","date":"1348244195262","thread-id":"38","query-id":"127","user":"root","priv_user":"root","host":"localhost","ip":"127.0.0.1","cmd":"grant","query":"GRANT USAGE ON . TO 'T'@'%' IDENTIFIED BY 'AAA' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0"}
But it's still important to audit that the user "T" has been added.
In version 1.0.6 we added password masking support. There are 2 new configuration options: audit_password_masking_cmds and audit_password_masking_regex to further fine tune this.
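The masking requested in this issue, sketched as a post-processing pass over JSON audit records like the ones shown above. This is an added example, not part of the original issue or the plugin's code; the command list, the regular expression and the name `mask_audit_line` are assumptions for illustration and are not the defaults of audit_password_masking_cmds or audit_password_masking_regex.

```python
import json
import re

# Assumed values for this example; not the plugin's defaults for
# audit_password_masking_cmds / audit_password_masking_regex.
MASK_CMDS = {"create_user", "grant", "alter_user", "set_option"}
PASSWORD_RE = re.compile(
    r"""(IDENTIFIED\s+BY\s+(?:PASSWORD\s+)?|PASSWORD\s*\(\s*)  # keyword before the secret
        (['"])(?:\\.|\2\2|(?!\2).)*\2                          # quoted literal, escapes included
    """,
    re.IGNORECASE | re.DOTALL | re.VERBOSE,
)


def mask_audit_line(line):
    """Return (json_line, changed); only the password literal is replaced."""
    rec = json.loads(line)
    if rec.get("cmd") not in MASK_CMDS:
        return line, False
    masked, hits = PASSWORD_RE.subn(r"\1'***'", rec.get("query", ""))
    if hits == 0:
        return line, False
    rec["query"] = masked
    return json.dumps(rec, separators=(",", ":")), True


# Constructed records modelled on the log lines in the issue.
SAMPLE = [json.dumps(r, separators=(",", ":")) for r in (
    {"cmd": "create_user", "user": "root",
     "query": "CREATE USER 'T'@'%' IDENTIFIED BY 'AAA'"},
    {"cmd": "grant", "user": "root",
     "query": "GRANT USAGE ON *.* TO 'T'@'%' IDENTIFIED BY 'it''s \\'q\\'' WITH MAX_USER_CONNECTIONS 0"},
    {"cmd": "select", "user": "app",
     "query": "SELECT note FROM t WHERE note = 'identified by ''x'''"},
)]

if __name__ == "__main__":
    for line in SAMPLE:
        out, changed = mask_audit_line(line)
        print("MASKED " if changed else "AS-IS  ", out)
```

The account name `'T'@'%'` stays in the record, so the user creation is still audited. The third record is returned unchanged because its `cmd` is not in the list, which is also the limit of gating on command type: a secret in an unlisted statement is not masked.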