Audit plugin user filtering does not work

MySQL & MariaDB Other MySQL® Questions
1

Hello guys,
I use the audit plugin to exclude a subset of users, but it does not work. The following two methods of setting are not working:

set global audit_log_exclude_accounts= “‘yzk’@‘192.168.1.1’”;
and show variables like ‘audit_log_exclude_accounts’ result is
audit_log_exclude_accounts | ‘yzk’@‘192.168.1.1’

set global audit_log_exclude_accounts= ‘yzk@192.168.1.1’;
and show variables like ‘audit_log_exclude_accounts’ result is
audit_log_exclude_accounts | ‘yzk@192.168.1.1’

Although I have re-logged in, but the log is still recorded in this account information on the 192.168.1.1.
It makes me soon have hundreds of G size log files.

I hope someone can tell me the correct setting method.

Thank you very much!

2

Hey Keith, what version of Percona Server are you currently using? Can you provide the output from SHOW GLOBAL VARIABLES LIKE 'audit%';

thanks in advance!

3

Percona Server version is : 5.6.36-82.0-log
And SHOW GLOBAL VARIABLES LIKE '%audti%'; output is :
±---------------------------±----------------------+
| Variable_name | Value |
±---------------------------±----------------------+
| audit_log_buffer_size | 1048576 |
| audit_log_exclude_accounts | ‘yzk’@‘192.168.1.1’ |
| audit_log_exclude_commands | |
| audit_log_file | audit.log |
| audit_log_flush | OFF |
| audit_log_format | OLD |
| audit_log_handler | FILE |
| audit_log_include_accounts | |
| audit_log_include_commands | |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_rotations | 0 |
| audit_log_strategy | ASYNCHRONOUS |
| audit_log_syslog_facility | LOG_USER |
| audit_log_syslog_ident | percona-audit |
| audit_log_syslog_priority | LOG_INFO |
±---------------------------±----------------------+
16 rows in set (0.00 sec)

Unfortunately, audit_log_exclude_accounts doesn’t work.

Thanks!

4

The configuration file /etc/my.cnf does not set any audit parameters.

5

Hi Keith,

this is a known bug in Percona Server. It will require a major upgrade to fix this in lieu of a patch for 5.6.xx releases.

[url]https://bugs.launchpad.net/percona-server/5.6/+bug/1679316[/url]

For more details.

BR

Andrew

6

p.s. there is a workaround described in the bug report but that may not fit your use case. It’s also viable to use the McAfee audit plugin to produce a similarly formatted output for your audit trail.

7

OK.We will consider replacing the use of McAfee audit plugin.

Thank you again!