Skip to content

Configuration

Jump to bottom
Guy Lichtman edited this page May 22, 2013 · 30 revisions

By default, after installation the AUDIT Plugin doesn't log activity. You must explicitly enable the type of logging desired. Configuration is done through the use of MySQL system variables. AUDIT Plugin system variables can be set at server startup using options on the command line or in the MySQL option file (my.cnf at the [mysqld] section). Additionally, most AUDIT Plugin system variables can be changed dynamically while the server is running by means of the SET statement.

Available AUDIT Plugin system varaibles:

  • audit_json_log_file: json log file name. If audit_json_file option is enabled will write audit trail to this file. Value may be either an absolute path or relative to the MySQL datadir. Default value: mysql-audit.json.
  • audit_json_file: json log file Enable|Disable.
  • audit_json_file_sync: json log file sync period. If the value of this variable is greater than 0, audit log will sync to disk after every audit_json_file_sync writes. Default value: 0.
  • audit_json_socket_name: json UNIX socket name. If audit_json_socket option is enabled will write audit trail to this UNIX socket.
  • audit_json_socket: json UNIX socket Enable|Disable.
  • audit_uninstall_plugin: AUDIT uninstall plugin Enable|Disable (command line/conf file only). If disabled attempts to uninstall the AUDIT plugin via the sql UNINSTALL command will fail. Provides added security from uninstalling the plugin. Also protection from CVE-2010-1621 affecting versions up to 5.1.46.
  • audit_validate_checksum: mysqld binary checksum validation Enable|Disable. See Troubleshooting section in Installation page.
  • audit_checksum: Checksum for mysqld to validate (command line/conf file only). Used when audit_offsets are present. The plugin will not load if the specified checksum doesn't match the calculated one. This is useful when offsets have been set manually and you want to avoid using the manual offsets without validation after an upgrade of mysqld.
  • audit_record_cmds: Comma separated list of commands to log to the audit trail. For example: insert,update,delete.
  • audit_record_objs: Comma separated list of objects (tables) to log to the audit trail. Table name should be specified as: database.table. Wild cards are supported and it is possible to specify: *.mytable or mydb.*.
  • audit_whitelist_users: Comma separated list of white-listed users whose queries are not to recorded.

Notes:

  • When configuring boolean variables (enable/disable) in MySQL 5.1 via a configuration file (my.cnf) use 0/1 as values. For example: audit_json_file=1. There seems to be an issue with MySQL 5.1 where boolean configurations with ON/OFF values in my.cnf don't work.
  • The above list may be incomplete. To view all available AUDIT system variables run: mysqld --help --verbose
Clone this wiki locally