Not the answer you need?
Register and ask your own question!

audit plugin audit_log_exclude_accounts not working in 5.7.24-27

grosenthalgrosenthal EntrantCurrent User Role Supporter
Just installed the Percona MySQL audit log plugin and trying to exclude a really chatty user but no matter what i put for exclusion the particular user is still updating the audit log. I've seen this was a bug in previous versions. Is it still a bug?

Comments

  • lorraine.pocklingtonlorraine.pocklington Percona Community Manager Legacy User Role Patron
    Could you post your best example of an exclusion setting so that I can get someone to check it please? Are you getting any other symptoms? Don't give any real examples, just use an example user so we can see the syntax.
    Thanks
  • grosenthalgrosenthal Entrant Current User Role Supporter
    Thanks. I've tried multiple syntax including
    set global audit_log_exclude_accounts='[email protected]'
    set global audit_log_exclude_accounts="'user1'@'%'"
    set global audit_log_exclude_accounts='[email protected][ipaddress]'
  • YuviYuvi Entrant Current User Role Novice
    Hi,

    I am trying to install the Percona audit plugin on my MySQL server 5.5.38 but I am running into the below issue

    mysql> install plugin audit_log soname 'audit_log.so';

    ERROR 1123 (HY000): Can't initialize function 'audit_log'; Plugin initialization function failed.

    I checked the MySQL error logs it is not showing me up any useful information

    [ERROR] Plugin 'audit_log' registration as a AUDIT failed.

    [ERROR] Plugin 'audit_log' init function returned error.


    First I updated the my.cnf file with the required audit plugin variables like audit_log_format = csv , audit_log_rotate_on_size, audit_log_strategy etc., and then tried to install the plugin (install plugin audit_log soname 'audit_log.so') on the MySQL server which is showing the above error
  • YuviYuvi Entrant Current User Role Novice
    Hi ,

    I tried to install the Percona Audit plugin for MySQL 5.5.38 and it is showing me the below error

    mysql> install plugin audit_log soname 'audit_log.so';

    ERROR 1123 (HY000): Can't initialize function 'audit_log'; Plugin initialization function failed.

    First I modifed the my.cnf file with the follwoing variables like "audit_log_policy=All, audit_log_rotate_on_size=1G, audit_log_format=CSV,etc.,". and then tried to install the plugin as above which is throwing the error.

    Here are the errors from the MySQL error log file

    [ERROR] Plugin 'audit_log' registration as a AUDIT failed.

    [ERROR] Plugin 'audit_log' init function returned error.
  • Michael CoburnMichael Coburn Principal Architect, Percona Percona Staff Role
    Just FYI I moved this from PMM to MySQL channel
  • sergei.glushchenkosergei.glushchenko Percona Inactive User Role Novice
    Hi grosenthal ,

    Can you please post an example log record for this user? Also please share the output of "show variables like 'audit_log%'".
  • sergei.glushchenkosergei.glushchenko Percona Inactive User Role Novice
    Hi Yuvi ,
    Can you please post exact snippet which you have added to my.cnf, it could be that it has a syntax error.
  • grosenthalgrosenthal Entrant Current User Role Supporter
    mysql> show variables like '%audit_log%';
    +
    +
    +
    | Variable_name | Value |
    +
    +
    +
    | audit_log_buffer_size | 1048576 |
    | audit_log_exclude_accounts | [email protected] |
    | audit_log_exclude_commands | |
    | audit_log_exclude_databases | |
    | audit_log_file | /opt/sw/dbinstall/mysql/mysql-logs/audit.log |
    | audit_log_flush | OFF |
    | audit_log_format | OLD |
    | audit_log_handler | FILE |
    | audit_log_include_accounts | |
    | audit_log_include_commands | |
    | audit_log_include_databases | |
    | audit_log_policy | ALL |
    | audit_log_rotate_on_size | 0 |
    | audit_log_rotations | 0 |
    | audit_log_strategy | ASYNCHRONOUS |
    | audit_log_syslog_facility | LOG_USER |
    | audit_log_syslog_ident | percona-audit |
    | audit_log_syslog_priority | LOG_INFO |
    +
    +
    +

    a few audit log entries

    <AUDIT_RECORD
    NAME="Connect"
    RECORD="2729_2019-02-13T19:13:54"
    TIMESTAMP="2019-02-13T19:36:37 UTC"
    CONNECTION_ID="5"
    STATUS="0"
    USER="someuser"
    PRIV_USER="someuser"
    OS_LOGIN=""
    PROXY_USER=""
    HOST=""
    IP="xxx.xxx.xxx.xxx"
    DB=""
    />
    <AUDIT_RECORD
    NAME="Connect"
    RECORD="2730_2019-02-13T19:13:54"
    TIMESTAMP="2019-02-13T19:36:37 UTC"
    CONNECTION_ID="6"
    STATUS="0"
    USER="someuser"
    PRIV_USER="someuser"
    OS_LOGIN=""
    PROXY_USER=""
    HOST=""
    IP="xxx.xxx.xxx.xxx"
    DB=""
    />
    <AUDIT_RECORD
    NAME="Connect"
    RECORD="2731_2019-02-13T19:13:54"
    TIMESTAMP="2019-02-13T19:36:37 UTC"
    CONNECTION_ID="4"
    STATUS="0"
    USER="someuser"
    PRIV_USER="someuser"
    OS_LOGIN=""
    PROXY_USER=""
    HOST=""
    IP="xxx.xxx.xxx.xxx"
    DB=""


    AUDIT Entries in my.cnf


    audit_log_handler=FILE
    audit_log_file=/opt/sw/dbinstall/mysql/mysql-logs/audit.log
    audit_log_exclude_accounts='[email protected]'
  • YuviYuvi Entrant Current User Role Novice
    Hi sergei.glushchenko, I didn't received any update to my email when you asked me to post the "exact snippet from my.cnf"...here are the audit variables that I added in the my.cnf file


    audit_log_policy = ALL
    audit_log_file = /opt/SNAP/mysql/data/current
    audit_log_rotate_on_size = 4096
    audit_log_rotations = 25

    Please let me know if there are any systex issues.

    Thanks and regards
    Yuvi
  • YuviYuvi Entrant Current User Role Novice
    Hi sergei.glushchenko, I didn't received any email notification when you asked me to post the audit variable settings in my.cnf file. Here are the settings below that I added in my.cnf file.

    audit_log_policy = ALL
    audit_log_file = /opt/SNAP/mysql/data/current
    audit_log_rotate_on_size = 4096
    audit_log_rotations = 25

    Please let me know, if you want anything else from my side.

    Thanks and regards
    Yuvi
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.