Audit plugin user filtering does not work

keith (Contributor; user role: Novice)
Hello guys,
I use the audit plugin to exclude a subset of users, but it does not work. The following two methods of setting are not working:

`set global audit_log_exclude_accounts= "'yzk'@'192.168.1.1'";`
and the result of `show variables like 'audit_log_exclude_accounts'` is
`audit_log_exclude_accounts | 'yzk'@'192.168.1.1'`

`set global audit_log_exclude_accounts= '[email protected]';`
and the result of `show variables like 'audit_log_exclude_accounts'` is
`audit_log_exclude_accounts | '[email protected]'`

Although I have logged in again, activity from this account on 192.168.1.1 is still recorded in the log.
Because of this, I will soon have hundreds of GB of log files.

I hope someone can tell me the correct setting method.

Thank you very much!

Comments

  • eroomydna (MySQL Addict; user role: Beginner)
    Hey Keith, what version of Percona Server are you currently using? Can you provide the output from `SHOW GLOBAL VARIABLES LIKE 'audit%';`

    thanks in advance!
  • keith (Contributor; user role: Novice)
    eroomydna wrote: »
    Hey Keith, what version of Percona Server are you currently using? Can you provide the output from `SHOW GLOBAL VARIABLES LIKE 'audit%';`

    thanks in advance!

    Percona Server version is: 5.6.36-82.0-log
    And the output of `SHOW GLOBAL VARIABLES LIKE '%audit%';` is:
    +----------------------------+---------------------+
    | Variable_name              | Value               |
    +----------------------------+---------------------+
    | audit_log_buffer_size      | 1048576             |
    | audit_log_exclude_accounts | 'yzk'@'192.168.1.1' |
    | audit_log_exclude_commands |                     |
    | audit_log_file             | audit.log           |
    | audit_log_flush            | OFF                 |
    | audit_log_format           | OLD                 |
    | audit_log_handler          | FILE                |
    | audit_log_include_accounts |                     |
    | audit_log_include_commands |                     |
    | audit_log_policy           | ALL                 |
    | audit_log_rotate_on_size   | 0                   |
    | audit_log_rotations        | 0                   |
    | audit_log_strategy         | ASYNCHRONOUS        |
    | audit_log_syslog_facility  | LOG_USER            |
    | audit_log_syslog_ident     | percona-audit       |
    | audit_log_syslog_priority  | LOG_INFO            |
    +----------------------------+---------------------+
    16 rows in set (0.00 sec)

    Unfortunately, `audit_log_exclude_accounts` doesn't work.

    Thanks!
  • keith (Contributor; user role: Novice)
    The configuration file /etc/my.cnf does not set any audit parameters.
  • eroomydna (MySQL Addict; user role: Beginner)
    Hi Keith,

    This is a known bug in Percona Server. It will require a major upgrade to fix this in lieu of a patch for 5.6.xx releases.

    https://bugs.launchpad.net/percona-server/5.6/+bug/1679316

    For more details.

    BR

    Andrew
  • eroomydna (MySQL Addict; user role: Beginner)
    P.S. There is a workaround described in the bug report, but that may not fit your use case. It's also viable to use the McAfee audit plugin to produce a similarly formatted output for your audit trail.
  • keith (Contributor; user role: Novice)
    OK. We will consider replacing the use of the McAfee audit plugin.

    Thank you again!
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.