Audit plugin user filtering does not work

Hello guys,
I use the audit plugin to exclude a subset of users, but it does not work. The following two methods of setting are not working:

set global audit_log_exclude_accounts= "'yzk'@'192.168.1.1'";
and show variables like 'audit_log_exclude_accounts' result is
audit_log_exclude_accounts | 'yzk'@'192.168.1.1'

set global audit_log_exclude_accounts= 'yzk@192.168.1.1';
and show variables like 'audit_log_exclude_accounts' result is
audit_log_exclude_accounts | 'yzk@192.168.1.1'

Although I have logged in again, the log still records this account's information on 192.168.1.1.
It will soon leave me with hundreds of GB of log files.

I hope someone can tell me the correct setting method.

Thank you very much!

Hey Keith, what version of Percona Server are you currently using? Can you provide the output from SHOW GLOBAL VARIABLES LIKE 'audit%';

thanks in advance!

Percona Server version is: 5.6.36-82.0-log
And the output of SHOW GLOBAL VARIABLES LIKE '%audit%'; is:
+----------------------------+-----------------------+
| Variable_name              | Value                 |
+----------------------------+-----------------------+
| audit_log_buffer_size      | 1048576               |
| audit_log_exclude_accounts | 'yzk'@'192.168.1.1'   |
| audit_log_exclude_commands |                       |
| audit_log_file             | audit.log             |
| audit_log_flush            | OFF                   |
| audit_log_format           | OLD                   |
| audit_log_handler          | FILE                  |
| audit_log_include_accounts |                       |
| audit_log_include_commands |                       |
| audit_log_policy           | ALL                   |
| audit_log_rotate_on_size   | 0                     |
| audit_log_rotations        | 0                     |
| audit_log_strategy         | ASYNCHRONOUS          |
| audit_log_syslog_facility  | LOG_USER              |
| audit_log_syslog_ident     | percona-audit         |
| audit_log_syslog_priority  | LOG_INFO              |
+----------------------------+-----------------------+
16 rows in set (0.00 sec)

Unfortunately, audit_log_exclude_accounts doesn’t work.

Thanks!

The configuration file /etc/my.cnf does not set any audit parameters.

Hi Keith,

This is a known bug in Percona Server. It will require a major upgrade to fix this in lieu of a patch for 5.6.xx releases.

https://bugs.launchpad.net/percona-server/5.6/+bug/1679316

For more details.

BR

Andrew

p.s. there is a workaround described in the bug report but that may not fit your use case. It’s also viable to use the McAfee audit plugin to produce a similarly formatted output for your audit trail.

OK. We will consider replacing the use of McAfee audit plugin.

Thank you again!