Audit_log_filter with version 8.0

dba_S4dscjz · July 18, 2025, 2:01pm

Hello dear community,

Once again we have a question about audit_log_filter. This time we use the version for Percona MySQL 8.0 Audit Log Filter overview - Percona Server for MySQL
First in the doc there is no page explaining how to write filter definitions compared to doc for 8.4 (Write audit_log_filter definitons - Percona Server for MySQL). And when we test to define filters like :

{
  "filter": {
    "class": [
      {
        "name": "query",
        "event": {
          "name": "start",
          "log": {
              "or": [
                { "field": { "name": "sql_command_id", "value": "select"} },
                { "field": { "name": "sql_command_id", "value": "create_table"} },
                { "field": { "name": "sql_command_id", "value": "drop_table"} }
              ]
          }
        }
      }
    ]
  }
}

Nothing is writing in audit log file. Or if we test another filter like :

{
  "filter": {
    "class": [
      { "name": "connection", "event": {"name": ["connect", "disconnect"], "log": true} },
      {
        "name": "query",
        "event": {
          "name": ["start", "status_end"],
          "log": {
            "not": {
              "or": [
                { "function": {
                  "name": "string_find",
                  "args": [{"string": {"field": "sql_command_id"}}, {"string": {"string": "show_"}}]
                }},
                { "field": { "name": "sql_command_id", "value": "select"} }
              ]
            }
          }
        }
      }
    ]
  }
}

Filter doesn’t work too because SELECT and SHOW queries are written in the audit log file.

Perhaps in version 8.0 the plugin is not fully implemented, can you please confirm if this is the case ?

matthewb · July 18, 2025, 5:50pm

Hello @dba_S4dscjz,
I would search these forums. There have been many posts about the audit log and its configuration, along with updates/posts from the author of the plugin. If you can’t find a solution after searching, let us know.

dba_S4dscjz · July 19, 2025, 4:50pm

Thank @matthewb for your reply !

Yes there are a lot of topics on audit_log_filter component and I’ve started some of them.
But this time the provided examples in first message work correctly with the latest version of the component (included with Percona MySQL 8.4) and not with the previous version (Percona MySQL 8.0). And we haven’t found any posts about this problem in the forum.

We believe that the component was not fully developed in version 8.0, perhaps the plugin author can confirm this. (Can you ask him or tag him please).

For the record, we’re asking this question because we have instances of version 8.0 that run the audit history plugin, the one where you configure the audit_log_exclude_accounts variable, for example. Recently we changed the MySQL connector on the application side and the value of this variable was no longer taken into account, so user requests were logged incorrectly.
As we couldn’t find the reason for this problem we considered changing the audit plugin to use audit_log_filter but when we tested version 8.0 we saw that the filters didn’t work, at least not in the same way as for version 8.4.

Topic		Replies	Views
Audit_log_filter plugin not working with mysql 8.0.36 Percona Server for MySQL 8.0 mysql	2	755	March 19, 2024
Audit_log_filter component and MySQL 8.4 Other MySQL® Questions	19	517	May 7, 2025
Write audit_log_filter definitons Percona Server for MySQL 8.0	4	114	April 25, 2025
Audit log filter not working after upgrade from Percona 8.0.41 to 8.4.4	1	67	May 22, 2025
Defining rules for audit log filter component (v8.0 / 8.4) Percona Server for MySQL 8.0	2	158	May 7, 2025

Audit_log_filter with version 8.0

Related topics