The old Percona Audit Log plugin works fine with MySQL 8.0. Does anyone know if the new audit_log_filter component works with MySQL 8.4?
I’ve been trying to install it and it doesn’t seem to install properly. Just wanting to check if it is me, or if it simply isn’t compatible with MySQL anymore.
It seems by default the plugin is not available with Percona Server for MySQL - 8.4
mysql> INSTALL PLUGIN audit_log SONAME 'audit_log.so';
ERROR 1126 (HY000): Can't open shared library '/usr/lib64/mysql/plugin/audit_log.so' (errno: 11 /usr/lib64/mysql/plugin/audit_log.so: cannot open shared object file: No such file or directory)
Are you using the Percona Server for MySQL or the Upstream(Oracle) 8.4 ?
Well for the upstream also you can copy the audit_log.so file
separately - Using the Percona Audit Logging Plugin on MySQL Community 8.0.x and make it work with the INSTALL PLUGIN ...
As far as audit_log_filter is concerned it should support - Install the Audit Log Filter - Percona Server for MySQL
Can you please let us know exactly what error or issue you are facing to better understand the scenario ?
At present I am using (Oracle) MySQL 8.0 (community) with the Percona Audit Log plugin. I am looking to upgrade to (Oracle) MySQL 8.4 (community) but require a working audit log plugin. As you say it doesn’t appear to be available in the Percona for MySQL 8.4 editions. I will have another look at the Percona Audit Log filter plugin to see if that works (although from previous testing it seems that it doesn’t).
So, I though maybe it’s because I have MySQL 8.4 and Percona are on 8.3. So I installed a copy of Percona Server for MySQL (8.4.3-3) and followed the instructions on the website (Audit Log Filter overview - Percona Server for MySQL). And it still doesn’t work.
I set up the two tables and populated them with:
insert into audit_log_filter (filter_id, name, filter) values (1, 'all events', '{"filter": { "log": true }}');
insert into audit_log_filter (username, userhost, filtername) values ('%', '%', 'all events');
I then restarted MySQL to make sure, and created a new user / schema / tables / logged out and back in with the new user etc.
And all I have in the log is:
[ { "timestamp": "2025-03-11 14:03:20", "id": 0, "class": "audit", "event": "audit", "server_id": 1 }#
Clearly there is some issue with it !!!
I’m just wondering has anyone made it work, and if so how ???
As a side note, I also just tried installing the original audit_log plugin (audit_log.so), that was bundled with MySQL 8.4.3-3.
It also doesn’t work. It just gives an error
Error Code: 1126. Can’t open shared library `/usr/lib/mysql/plugin/audit_log.so’ (errno: 0 /usr/lib/mysql/plugin/audit_log.so: undefined symbol: my_thread_init)
I guess that wasn’t tested either.
Bug Raised for the standard audit_log not installing - Jira
@IGGt
Based on Percona’s official documentation (Upgrade Components - Percona Server 8.4), the old audit_log plugin has been removed in MySQL 8.4, and the recommended replacement is the audit_log_filter component.
Regarding your setup, the issue likely stems from how the filter is applied. Instead of inserting values directly into audit_log_filter and audit_log_user tables, you should use the built-in functions:
SELECT audit_log_filter_set_filter('log_all', '{"filter": {"log": true}}');
SELECT audit_log_filter_set_user('%', 'log_all');
This ensures that MySQL properly registers the filter.
For more details, I recommend this blog
Hope this helps
That makes no difference either. I re-installed the audit_log_filter from scratch, configured it as per above. I then ran a selection of queries using two different accounts, and still nothing appears in the audit log.
I also installed Percona Server for MySQL 8.0 (8.0.41-32), and followed the instructions to install the audit_log_filter plugin Audit Log Filter overview - Percona Server for MySQL.
And it still doesn’t work. The result is exactly the same. The log contains one entry from when the server starts, and then nothing else ever gets added.
Hello @IGGt ,
There is a bug with audit_log_filter plugin discussed here : Strange behaviour with Audit Log Filter component.
So maybe your case matches the behaviour describes in this thread.
Note that fix has been made and included to Percona release 8.4.4 but this version is not released yet (this is planned for Q1 2025).
Cheers, it looks like it may indeed be related. If I set up a filter for a specific user rather than all users, I get data in the log file.
SELECT audit_log_filter_set_user('test@localhost', 'log_all');
I will wait for the new version and go from there,
I can confirm, the latest versions of Oracle MySQL (8.4.5) and Percona for MySQL 8.4.4 appear to have fixed the issues.
Hi IGGt,
I tried to execute the function in MySQL 8.4.5 with Percona 8.4.4.4-4 Audit log filter component but I get only error:
mysql> SELECT audit_log_filter_set_user('test@localhost', 'log_all');
+--------------------------------------------------------+
| audit_log_filter_set_user('test@localhost', 'log_all') |
+--------------------------------------------------------+
| ERROR: Failed to check filtering rule name existence
If I use the INSERT INTO statement, then the audit log is almost working as I expect. I tried this filter:
INSERT INTO audit_log.audit_log_filter (name, filter) VALUES ('log_all','
{ "filter":
{ "class": [
{ "log": true, "name": "connection"},
{ "name": "query",
"event": {
"name": "start",
"log": {
"not": {
"or": [
{ "field": { "name": "sql_command_id", "value": "help"} },
{ "field": { "name": "sql_command_id", "value": "show_binlogs"} },
{ "field": { "name": "sql_command_id", "value": "show_binlog_events"} },
{ "field": { "name": "sql_command_id", "value": "show_charsets"} },
{ "field": { "name": "sql_command_id", "value": "show_collations"} },
{ "field": { "name": "sql_command_id", "value": "show_create_db"} },
{ "field": { "name": "sql_command_id", "value": "show_create_event"} },
{ "field": { "name": "sql_command_id", "value": "show_create_func"} },
{ "field": { "name": "sql_command_id", "value": "show_create_proc"} },
{ "field": { "name": "sql_command_id", "value": "show_create_table"} },
{ "field": { "name": "sql_command_id", "value": "show_create_trigger"} },
{ "field": { "name": "sql_command_id", "value": "show_databases"} },
{ "field": { "name": "sql_command_id", "value": "show_engine_mutex"} },
{ "field": { "name": "sql_command_id", "value": "show_engine_status"} },
{ "field": { "name": "sql_command_id", "value": "show_errors"} },
{ "field": { "name": "sql_command_id", "value": "show_events"} },
{ "field": { "name": "sql_command_id", "value": "show_master_status"} },
{ "field": { "name": "sql_command_id", "value": "show_open_tables"} },
{ "field": { "name": "sql_command_id", "value": "show_plugins"} },
{ "field": { "name": "sql_command_id", "value": "show_procedure_code"} },
{ "field": { "name": "sql_command_id", "value": "show_procedure_status"} },
{ "field": { "name": "sql_command_id", "value": "show_processlist"} },
{ "field": { "name": "sql_command_id", "value": "show_profile"} },
{ "field": { "name": "sql_command_id", "value": "show_profiles"} },
{ "field": { "name": "sql_command_id", "value": "show_relaylog_events"} },
{ "field": { "name": "sql_command_id", "value": "show_replica_status"} },
{ "field": { "name": "sql_command_id", "value": "show_replicas"} },
{ "field": { "name": "sql_command_id", "value": "show_status"} },
{ "field": { "name": "sql_command_id", "value": "show_storage_engines"} },
{ "field": { "name": "sql_command_id", "value": "show_tables"} },
{ "field": { "name": "sql_command_id", "value": "show_table_status"} },
{ "field": { "name": "sql_command_id", "value": "show_triggers"} },
{ "field": { "name": "sql_command_id", "value": "show_variables"} },
{ "field": { "name": "sql_command_id", "value": "show_warnings"} },
{ "field": { "name": "sql_command_id", "value": "replica_start"} },
{ "field": { "name": "sql_command_id", "value": "replica_stop"} }
]
}
}
}
}
]}
}');
in error log:
[ERROR] [MY-011071] [Server] Component audit_log_filter reported: 'audit_log_filter name: %s, filter: %s has wrong format'
The statement
SELECT audit_log_filter_set_user('test@localhost', 'log_all');
produces an error because it seems log_all filter doesn’t exist.
You can check with query :
select * from audit_log.audit_log_filter where filter = 'log_all';
But as your INSERT statement generate an error in log, previous query will display no result.
You don’t use the right method to add filter, the official method to add filter is to use the component function :
SELECT audit_log_filter_set_filter('log_all',filter_rule);
And in your case, the filter rule exceeds the maximum authorised limit of 1024 characters.
You can find an answer to write the correct rule in this thread : Write audit_log_filter definitons
I know what the official method is, but not working if I use it on MySQL Community 8.4.5 version with Percona 8.4.4.4-4 Audit log Filter Component (Copied the so file to the MySQL plugin folder.).
mysql> SELECT audit_log_filter_set_filter('log_all_test','{"filter": {"log": true}}');
+-------------------------------------------------------------------------+
| audit_log_filter_set_filter('log_all_test','{"filter": {"log": true}}') |
+-------------------------------------------------------------------------+
| ERROR: Failed to check filtering rule name existence |
+-------------------------------------------------------------------------+
1 row in set (0.00 sec)
Current filter which is working and I inserted it with this below command to the tables:
INSERT INTO audit_log.audit_log_filter (name, filter) VALUES ('log_all_test','
{ "filter":
{ "class": [
{ "name": "connection",
"event": [
{ "name": "connect", "log": true },
{ "name": "disconnect", "log": true }
]
},
{ "name": "table_access",
"event": [
{ "name": "read", "log": false },
{ "name": "insert", "log": true },
{ "name": "delete", "log": true },
{ "name": "update", "log": true }
]
},
{ "name": "general", "log": true }
]}
}');
INSERT INTO audit_log.audit_log_user (username, userhost, filtername) VALUES ('root', 'localhost', 'log_all_test');
Results after restart the MySQL and I executed the “SHOW DATABASES;”
{
"timestamp": "2025-05-06 13:53:37",
"id": 94,
"class": "general",
"event": "log",
"connection_id": 19,
"account": { "user": "root[root] @ localhost []", "host": "localhost" },
"login": { "user": "root[root] @ localhost []", "ip": "", "proxy": "" },
"general_data": { "status": 0 }
},
{
"timestamp": "2025-05-06 13:53:37",
"id": 95,
"class": "general",
"event": "result",
"connection_id": 19,
"account": { "user": "root[root] @ localhost []", "host": "localhost" },
"login": { "user": "root[root] @ localhost []", "ip": "", "proxy": "" },
"general_data": { "status": 0 }
},
{
"timestamp": "2025-05-06 13:53:37",
"id": 96,
"class": "general",
"event": "status",
"connection_id": 19,
"account": { "user": "root[root] @ localhost []", "host": "localhost" },
"login": { "user": "root[root] @ localhost []", "ip": "", "proxy": "" },
"general_data": { "status": 0 }
}
So something is working, but I cannot fine tune the filter definition. Maybe I am a lame 
I tried the set_filter function you have above and that works fine for me, as does the matching set_user function:
SELECT audit_log_filter_set_filter('log_all_test','{"filter": {"log": true}}');
SELECT audit_log_filter_set_user('root@localhost', 'log_all_test');
I would suggest you delete all the entries from the tables, then start over (uninstall/re-install the component and tables).
I had similar errors in testing, and I suspect it was because I had inadvertently added incorrect entries and not removed them properly.
I re-initialized the MySQL Community Server 8.4.5 and I tried to install the component with the
mysql -u root -p < audit_log_filter_linux_install.sql
but I got two error in MySQL error.log file:
2025-05-07T08:05:45.952144Z 247 [ERROR] [MY-011071] [Server] Component audit_log_filter reported: 'Failed to start table access transaction'
2025-05-07T08:05:45.952298Z 246 [ERROR] [MY-011071] [Server] Component audit_log_filter reported: 'Failed to load filtering rules'
So something is wrong ot the process what I follow / did it was not correct.
Any idea?
OS Release:
NAME="SLES"
VERSION="15-SP6"
VERSION_ID="15.6"
Thank you!
If I understand correctly you have a server under SUSE Linux Entreprise (or derivated) and Percona doesn’t support this OS. Maybe this is the reason why the audit component doesn’t work correctly.
I am using the audit_log.so plugin under the MySQL Community 8.0.32 and SLES 12 and SLES 15 and it is working as expected.
So, I guess I should work.
Did you completely remove the original install? (delete entry in mysql.component; remove entries from audit tables (using the remove_filter function) uninstall component ‘file://component_audit_log_filter’; drop audit tables; remove any entries in my.cnf file; restart MySQL).
After that maybe try running the “audit_log_filter_linux_install.sql” one command at a time, rather than the whole script, so you can see exactly where it is failing.
After the fully remove or install a full clear MySQL (re-initialize) and install the audit log filter component with the SQL script I got this error:
2025-05-07T12:49:44.357887Z 14 [ERROR] [MY-011071] [Server] Component audit_log_filter reported: 'Failed to start table access transaction'
2025-05-07T12:49:44.358016Z 13 [ERROR] [MY-011071] [Server] Component audit_log_filter reported: 'Failed to load filtering rules'
So, I do not know that is the issue now.
Update:
I found the issue: The problem was the read_only variable. The value was ON, so I commented out the row in my.cnf and remove everything and install again the component and It is worked as I expected.
mysql> SELECT audit_log_filter_set_filter('log_all_test','{"filter": {"log": true}}');
+-------------------------------------------------------------------------+
| audit_log_filter_set_filter('log_all_test','{"filter": {"log": true}}') |
+-------------------------------------------------------------------------+
| OK |
+-------------------------------------------------------------------------+
1 row in set (0.01 sec)
mysql> SELECT audit_log_filter_remove_filter('log_all_test');
+------------------------------------------------+
| audit_log_filter_remove_filter('log_all_test') |
+------------------------------------------------+
| OK |
+------------------------------------------------+
1 row in set (0.01 sec)
Now I have to config a good filter for me.
My problem is the same as @dba_S4dscjz to skip the SHOW_ command.
**So, Thank you for your time!! ** @IGGt and @dba_S4dscjz
I also can confirm the Percona For MySQL 8.4.4 Audit Log Filter Component is working with MySQL Community 8.4.5 Version.
Unanswered | Unsolved | Solved
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright © 2006 - 2024 Percona LLC. All rights reserved.