Audit log file permission

bthnklc · October 30, 2023, 8:40am

Hi,

When the Audit log file is newly created, it is created with 640 rights. I have an authorization problem on the rsyslog side when the file is created with 640 rights. Here, I need a method to create the auditlog file with 644 or to enable rsyslog to read the file with existing rights. I would appreciate your help.

my.cnf:

audit_log_format=JSON
audit_log_file=/data2/audit/audit.log
audit_log_strategy=SYNCHRONOUS
log_timestamps=SYSTEM
audit_log_rotate_on_size=250M
audit_log_rotations=200

current audit file:

-rw-r----- 1 mysql mysql 148399808 Oct 30 11:41 audit.log

matthewb · October 30, 2023, 2:44pm

Hello @bthnklc,
Since you are trying to stream logs, would these parameters help?

github.com

percona/percona-server/blob/8.0/doc/source/management/audit_log_plugin.rst#streaming-the-audit-log-to-syslog

.. _audit_log_plugin:

================================================================================
 Audit Log Plugin
================================================================================

Percona Audit Log Plugin provides monitoring and logging of connection and query
activity that were performed on specific server. Information about the activity
is stored in a log file. This
implementation is alternative to the `MySQL Enterprise Audit Log Plugin
<https://dev.mysql.com/doc/refman/8.0/en/audit-log.html>`_

Audit logging documents the database usage. You can use the log for troubleshooting. 

* **Audit** - Audit event indicates that audit logging started or finished. ``NAME`` field will be ``Audit`` when logging started and ``NoAudit`` when logging finished. Audit record also includes server version and command-line arguments.

Example of the Audit event: :: 

 <AUDIT_RECORD
  "NAME"="Audit"

This file has been truncated. show original

If not, you would need to open a feature request at https://jira.percona.com/ and our team will evaluate priority and see about making a fix.

bthnklc · October 31, 2023, 7:42am

matthewb:

Percona Audit Log Plugin provides monitoring and logging of connection and query
activity that were performed on specific server. Information about the activity
is stored in a log file. This
implementation is alternative to the `MySQL Enterprise Audit Log Plugin
<https://dev.mysql.com/doc/refman/8.0/en/audit-log.html>`_

Audit logging documents the database usage. You can use the log for troubleshooting. 

* **Audit** - Audit event indicates that audit logging started or finished. ``NAME`` field will be ``Audit`` when logging started and ``NoAudit`` when logging finished. Audit record also includes server version and command-line arguments.

Another situation occurred in the problem. I deleted the audit plugin on the node where I had a problem on the database system, which I positioned as master-master in five nodes, and when I wanted to install it again, it appeared to be in deleted status on the other nodes. When I wanted to install it again, it gave an error and disconnected from the cluster. Do I need to remove it from all nodes?

matthewb · October 31, 2023, 12:02pm

Delete from all nodes. Install to all nodes.

bthnklc · October 31, 2023, 7:56pm

Does this process cause an interruption?

yunus_shaikh · November 1, 2023, 7:38am

No, this should not cause an interruption to uninstall and install it back.

Topic		Replies	Views
Percona Audit_Log on MySQL Server - Record time value is Wrong MySQL & MariaDB mysql , percona	1	609	March 16, 2022
Record and timestamp problem in audit.log Percona Server for MySQL 8.0	5	1278	April 2, 2022
Audit log file encryption MySQL & MariaDB percona	1	536	November 3, 2022
audit_log_format=JSON not being applied even after adding to my.cnf and restarting mysql server Percona Server for MySQL 8.0	1	690	September 1, 2022
Percona Audit Log plugin on MySQL Server - (audit.log) Record time and timestamp different from OS time Percona Server for MySQL 8.0 mysql , percona	2	742	April 6, 2022

Audit log file permission

Related Topics