I am having issues excluding users from Percona’s audit plugin. Users are added to my.cnf via the audit_log_exclude_accounts system variable but still show in the audit log.
audit_log_policy=ALL audit_log_format=JSON audit_log_file=/var/log/mysql/audit.log audit_log_rotate_on_size=10M audit_log_rotations=10 audit_log_exclude_accounts=''user_brand_stg'@'X.X.20.%','user_brand_stg'@'X.X.30.%','user_track_stg'@'X.X.20.%','user_track_stg'@'X.X.30.%','user@'X.X.%.%'....(19 TOTAL ACCOUNTS in a similar setup)'' audit_log_exclude_commands='show_status,show_processlist'
The users hosts and wildcards match what is in mysql.user for user
MySQL version :
mysqld Ver 5.7.36-39-57 for debian-linux-gnu on x86_64 (Percona XtraDB Cluster (GPL), Release rel39, Revision 5197785, WSREP version 31.55, wsrep_31.55)
Output from variables show
audit_log_include_accounts shows as NULL as well from select @@Global.audit_log_include_accounts
I also see the same issue on another similarly configured server :
mysqld Ver 5.7.34-37-57 for debian-linux-gnu on x86_64 (Percona XtraDB Cluster (GPL), Release rel37, Revision 99b8607, WSREP version 31.51, wsrep_31.51)
Any ideas on what is going wrong here?
Do I need to escape any characters, documentation only mentions comma and using the format ‘user’@‘host’