audit plugin audit_log_exclude_accounts not working in 5.7.24-27

Just installed the Percona MySQL audit log plugin and trying to exclude a really chatty user but no matter what i put for exclusion the particular user is still updating the audit log. I’ve seen this was a bug in previous versions. Is it still a bug?

Could you post your best example of an exclusion setting so that I can get someone to check it please? Are you getting any other symptoms? Don’t give any real examples, just use an example user so we can see the syntax.
Thanks

Thanks. I’ve tried multiple syntax including
set global audit_log_exclude_accounts=‘user1@’
set global audit_log_exclude_accounts="‘user1’@’%’"
set global audit_log_exclude_accounts=‘user1@[ipaddress]’

Hi,

I am trying to install the Percona audit plugin on my MySQL server 5.5.38 but I am running into the below issue

mysql> install plugin audit_log soname ‘audit_log.so’;

ERROR 1123 (HY000): Can’t initialize function ‘audit_log’; Plugin initialization function failed.

I checked the MySQL error logs it is not showing me up any useful information

[ERROR] Plugin ‘audit_log’ registration as a AUDIT failed.

[ERROR] Plugin ‘audit_log’ init function returned error.

First I updated the my.cnf file with the required audit plugin variables like audit_log_format = csv , audit_log_rotate_on_size, audit_log_strategy etc., and then tried to install the plugin (install plugin audit_log soname ‘audit_log.so’) on the MySQL server which is showing the above error

Hi ,

I tried to install the Percona Audit plugin for MySQL 5.5.38 and it is showing me the below error

mysql> install plugin audit_log soname ‘audit_log.so’;

ERROR 1123 (HY000): Can’t initialize function ‘audit_log’; Plugin initialization function failed.

First I modifed the my.cnf file with the follwoing variables like “audit_log_policy=All, audit_log_rotate_on_size=1G, audit_log_format=CSV,etc.,”. and then tried to install the plugin as above which is throwing the error.

Here are the errors from the MySQL error log file

[ERROR] Plugin ‘audit_log’ registration as a AUDIT failed.

[ERROR] Plugin ‘audit_log’ init function returned error.

Just FYI I moved this from PMM to MySQL channel

Hi grosenthal ,

Can you please post an example log record for this user? Also please share the output of “show variables like ‘audit_log%’”.

Hi Yuvi ,
Can you please post exact snippet which you have added to my.cnf, it could be that it has a syntax error.

mysql> show variables like ‘%audit_log%’;
±----------------------------±---------------------------------------------+
| Variable_name | Value |
±----------------------------±---------------------------------------------+
| audit_log_buffer_size | 1048576 |
| audit_log_exclude_accounts | someuser@ |
| audit_log_exclude_commands | |
| audit_log_exclude_databases | |
| audit_log_file | /opt/sw/dbinstall/mysql/mysql-logs/audit.log |
| audit_log_flush | OFF |
| audit_log_format | OLD |
| audit_log_handler | FILE |
| audit_log_include_accounts | |
| audit_log_include_commands | |
| audit_log_include_databases | |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_rotations | 0 |
| audit_log_strategy | ASYNCHRONOUS |
| audit_log_syslog_facility | LOG_USER |
| audit_log_syslog_ident | percona-audit |
| audit_log_syslog_priority | LOG_INFO |
±----------------------------±---------------------------------------------+

a few audit log entries

<AUDIT_RECORD
NAME=“Connect”
RECORD=“2729_2019-02-13T19:13:54”
TIMESTAMP=“2019-02-13T19:36:37 UTC”
CONNECTION_ID=“5”
STATUS=“0”
USER=“someuser”
PRIV_USER=“someuser”
OS_LOGIN=""
PROXY_USER=""
HOST=""
IP=“xxx.xxx.xxx.xxx”
DB=""
/>
<AUDIT_RECORD
NAME=“Connect”
RECORD=“2730_2019-02-13T19:13:54”
TIMESTAMP=“2019-02-13T19:36:37 UTC”
CONNECTION_ID=“6”
STATUS=“0”
USER=“someuser”
PRIV_USER=“someuser”
OS_LOGIN=""
PROXY_USER=""
HOST=""
IP=“xxx.xxx.xxx.xxx”
DB=""
/>
<AUDIT_RECORD
NAME=“Connect”
RECORD=“2731_2019-02-13T19:13:54”
TIMESTAMP=“2019-02-13T19:36:37 UTC”
CONNECTION_ID=“4”
STATUS=“0”
USER=“someuser”
PRIV_USER=“someuser”
OS_LOGIN=""
PROXY_USER=""
HOST=""
IP=“xxx.xxx.xxx.xxx”
DB=""

AUDIT Entries in my.cnf

audit_log_handler=FILE
audit_log_file=/opt/sw/dbinstall/mysql/mysql-logs/audit.log
audit_log_exclude_accounts=‘someuser@’

Hi sergei.glushchenko, I didn’t received any update to my email when you asked me to post the "exact snippet from my.cnf"…here are the audit variables that I added in the my.cnf file

audit_log_policy = ALL
audit_log_file = /opt/SNAP/mysql/data/current
audit_log_rotate_on_size = 4096
audit_log_rotations = 25

Please let me know if there are any systex issues.

Thanks and regards
Yuvi

Hi sergei.glushchenko, I didn’t received any email notification when you asked me to post the audit variable settings in my.cnf file. Here are the settings below that I added in my.cnf file.

audit_log_policy = ALL
audit_log_file = /opt/SNAP/mysql/data/current
audit_log_rotate_on_size = 4096
audit_log_rotations = 25

Please let me know, if you want anything else from my side.

Thanks and regards
Yuvi

If you want to exclude user with IP (not localhost) it is very difficulty. I resolve this problem after facebook chat.

It is necessary to make first audit_log_include_accounts = NULL;

then added a list of excluded accounts

audit_log_exclude_accounts = ‘user@1.1.1.1,user1@9.9.9.9’