Hello Percona team!
I read the doc for the audit plugin which you have here:
https://www.percona.com/doc/percona-server/5.7/management/audit_log_plugin.html
In our setup we have prepare/execute commands.
We can include the execute statements in the audit.
But its mean that we include everything what we run in execute statements.
The question is: “Can I exclude “selects” which we run in “execute” statement from the audit somehow?”
Hi!
You can exclude commands with “audit_log_exclude_commands” parameter as shown on the official doc: audit_log_exclude_commands
In your case , every select inside an execute statement will also be logged even if you exclude “selects”. Reason is shown with this example:
<AUDIT_RECORD
NAME=“Query”
RECORD=“33_2022-04-13T12:17:04”
TIMESTAMP=“2022-04-13T12:20:06 UTC”
COMMAND_CLASS=“execute_sql”
CONNECTION_ID=“5”
STATUS=“0”
SQLTEXT=“SELECT 25+35 AS SUM”
USER=“root[root] @ localhost ”
HOST=“localhost”
OS_USER=“”
IP=“”
DB=“”
/>
COMMAND_CLASS column is the value being filtered when excluding commands from the audit log. Since in the above case COMMAND_CLASS is “execute_sql” every SQLTEXT will be audited even if it’s a select.
Regards
1 Like
Yes, This situation I would like to avoid!
I want to log all insert/updated/deletes only.
So I need to log all examples where we have COMMAND_CLASS=“execute_sql” and SQLTEXT=“insert/update/delete%".
So the question is how to exclude from audit selects which goes in the execute_sql?
I’m sorry, but previous answer don’t answer on this question. 
1 Like
Hi again,
Sorry if I was not clear enough.
You cannot exclude selects that are inside EXECUTE commands. Either you exclude the entire prepared statement execution, or you log everything.
Regards
1 Like
Hi,
I had hope that I missed something in the configuration. 
Thank you very much for your help.
1 Like