Audit log filter component issue in MySQL 8.4.4

MySQL & MariaDB Other MySQL® Questions
1

Hello Team,

The Percona MySQL 8.0 Audit Plugin works very well with MySQL 8.0 Community Edition, and we have been using it successfully. We are now evaluating options for MySQL 8.4.4 Community Edition.

I noticed that the Audit Log Plugin has been removed from Percona Server for MySQL 8.4, so I explored the alternative Percona Audit Log Filter Component available in Percona Server 8.4.4.

However, when attempting to install the component on MySQL Community 8.4.4, I encountered the following error:

INSTALL COMPONENT ‘file://component_audit_log_filter’;
ERROR: 1126 (HY000): Can’t open shared library ‘/mysqlbin/lib/plugin/component_audit_log_filter.so’ (errno: 0 /mysqlbin/bin/../lib/private/libcrypto.so.3: version `OPENSSL_1_1_0’ not found (required by /mysqlbin/lib/plugin/component_audit)

Is the Percona Audit Log Filter Component (from Percona Server 8.4.4) compatible with MySQL Community 8.4.4?

1 Like
2

The audit log filter component is part of the ‘MySQL Enterprise Audit’ feature in Oracle MySQL. Similarly, Percona provides this capability as an open-source component in Percona Server for MySQL. If you want to use the audit log filter functionality offered by Percona, you should use Percona Server for MySQL instead of the MySQL Community Edition.

3

Hello Abhinav,

Thanks for follow up email.

I could see in one of the thread confirms Percona MySQL 8.4 Audit log filter works in Oracle MySQL Community edition 8.4.

Am i missing any configuration here to work?

4

Hi Dhivya,

Could you provide details of your environment. Do you use mysql tarballs?

5

Yes Vadim, I used mysql tarball installation. Please find the env details.

OS : RHEL 8.9 (Ootpa)

MySQL Tarball Used : mysql-8.4.4-linux-glibc2.28-x86_64.tar.xz

DB Version : 8.4.4 MySQL Community Server

MySQL data directory : /mysql/data

MySQL Binary path : /mysqlbin

ls /mysqlbin/
bin docs include lib LICENSE man README share support-files

Copied location of Percona MySQL Audit log filter component to plugin dir:

ls /mysqlbin/lib/plugin/component_audit_log_filter.so
/mysqlbin/lib/plugin/component_audit_log_filter.so

6

Hi, I can confirm that it does work as I am running it (albeit in test only) using MySQL Community 8.4.7 and the Percona Audit_Log_filter component on Debian 12.

I seem to recall there was a Bug with the audit log handling in MySQL 8.4.4 that affected both the MySQL and Percona audit log’s that was fixed with MySQL 8.4.5, so maybe try upgrading to the latest version if possible.

7

@Dhivya_Arumugam,
If you look at the error message more closely, you’ll see that the issue is not about the audit plugin, but around the system openssl library version. Try installing an older version of openssl in the 1.0 area. Percona removed openssl 1.0 from many of our latest releases as it is old, insecure, and deprecated by the openssl devs, and most OSes. There’s some sort of incompatibility with your libcrypto version.

8

Hello @matthewb
Seems Percona requires openssl 1.1.x version and Oracle mysql uses latest openssl 3.0.0 version

MySQL CE 8.4.4 binary path : /mysqlbin
Percona 8.4.4 binary path : /home/ec2-user/Percona-Server-8.4.4-4-Linux.x86_64.glibc2.28

shell> objdump -T /home/ec2-user/Percona-Server-8.4.4-4-Linux.x86_64.glibc2.28/lib/plugin/component_audit_log_filter.so | grep OPENSSL | head -n 2

0000000000000000 DF UND 0000000000000000 OPENSSL_1_1_0 EVP_EncryptFinal_ex
0000000000000000 DF UND 0000000000000000 OPENSSL_1_1_0 ERR_clear_error

After copying the audit log filter component to MySQL plugin dir, ran the compatibility:

shell> ldd /mysqlbin/lib/plugin/component_audit_log_filter.so

/mysqlbin/lib/plugin/component_audit_log_filter.so: /mysqlbin/lib/plugin/../private/libcrypto.so: version `OPENSSL_1_1_0’ not found (required by /mysqlbin/lib/plugin/component_audit_log_filter.so)
linux-vdso.so.1 (0x00007ffe0c1e4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb6ffabf000)
libssl.so => /mysqlbin/lib/plugin/../private/libssl.so (0x00007fb6ff817000)
libcrypto.so => /mysqlbin/lib/plugin/../private/libcrypto.so (0x00007fb6ff1dc000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fb6fee47000)
libm.so.6 => /lib64/libm.so.6 (0x00007fb6feac5000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fb6fe8ad000)
libc.so.6 => /lib64/libc.so.6 (0x00007fb6fe4e8000)
/lib64/ld-linux-x86-64.so.2 (0x00007fb6ffcdf000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fb6fe2e4000)

shell> objdump -T /mysqlbin/lib/private/libcrypto.so.3 | grep OPENSSL | head -n 2

00000000001a4a63 g DF .text 000000000000008f OPENSSL_3.0.0 OSSL_ENCODER_do_all_provided
00000000001dd29d g DF .text 000000000000009a OPENSSL_3.0.0 EVP_PKEY_get_int_param

9

@matthewb

Can we raise a feature request to upgrade the OpenSSL version to the latest release for the Percona Audit Log Filter component?

10

Hi @Dhivya_Arumugam, Can you check the latest version of Percona MySQL 8.4.5?

$ objdump -T ~/dbdeployer/opt/mysql/ps8.4.5/lib/plugin/component_audit_log_filter.so | grep -i openssl
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_DecryptFinal
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_EncryptUpdate
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) ERR_peek_error
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_DecryptInit
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) ERR_error_string
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_DecryptUpdate
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_aes_256_cbc
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_CIPHER_CTX_new
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_CipherInit_ex
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_CIPHER_CTX_free
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_CIPHER_get_key_length
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) ERR_clear_error
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) RAND_bytes
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_EncryptFinal_ex
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_CIPHER_get_block_size
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) PKCS5_PBKDF2_HMAC
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_sha256
0000000000000000      DF *UND*	0000000000000000 (OPENSSL_3.0.0) EVP_CIPHER_get_iv_length
11

Hi!

please check the MySQL tarball glibc version and Percona glibc version. It should be the same. Try it with the 2.35

I can confirm also: the MySQL 8.4.7 Community and Percona 8.4.6-6 audit component is working well.

12

Hi @GergoGalamb

I tried to download linux generic mysql tarball package for 8.4.7 CE, however, i do not find package for glibc 2.35
Attaching the screenshot

Screenshot 2025-12-11 at 10.07.48 PM
Screenshot 2025-12-11 at 10.07.48 PM1026×768 101 KB

14

@matthewb @GergoGalamb

As suggested, I observed that the Percona MySQL distribution built with glibc 2.31 and above uses OpenSSL 3.0.x. However, I could not find any MySQL Community Edition tarball binaries available for download that are built with glibc 2.31 or higher. Could you please advise on this or suggest an alternative approach?