Create audit filter for only failed logins

Hello experts,

I created an audit filter to audit failed logins for an application user, but it isn't working as expected.

SELECT audit_log_filter_set_filter('audit_FL', '{
"filter": {"class": [{"name": "connection","event": [{ "name": "failed_login" }]}]}}');
1 row in set (0.01 sec)

select audit_log_filter_set_user('appsuser@%','audit_FL');

1 row in set (0.00 sec)

Tested a failed login for user appsuser, didn't find any audit logs for failed logins.

Is the event name correct?

This did the trick:

SELECT audit_log_filter_set_filter('audit_FL',
'{"filter":{"class":{"name":"connection","event":{"log":{"not":{"field":{"name":"status","value":"0"}}},"name":"connect"}}}}');

1 row in set (0.01 sec)

Able to log only failed logins

Hi,

Glad to hear that. Yes, failed_login is not a valid event name; more details can be found here: Write audit_log_filter definitions - Percona Server for MySQL
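
An added example, not part of the thread and not Percona's implementation: a simplified Python model of filter matching, run over constructed connection events, showing why the first definition selects nothing and the second selects only `connect` events with a non-zero status. The matching rules, the string comparison of field values, and the sample events are assumptions.

```python
import json

# Filter definitions as posted in the thread.
FIRST = '{"filter": {"class": [{"name": "connection", "event": [{"name": "failed_login"}]}]}}'
WORKING = ('{"filter":{"class":{"name":"connection","event":{"log":{"not":'
           '{"field":{"name":"status","value":"0"}}},"name":"connect"}}}}')

# Constructed sample events (assumption); 1045 is MySQL's access-denied error code.
EVENTS = [
    {"class": "connection", "event": "connect", "status": 0},
    {"class": "connection", "event": "connect", "status": 1045},
    {"class": "connection", "event": "disconnect", "status": 0},
]

def cond(c, ev):
    """Evaluate a "log" condition built from field / not / and / or."""
    if "field" in c:
        f = c["field"]
        # Assumption: compare as strings, since the thread's filter uses "0".
        return str(ev.get(f["name"])) == str(f["value"])
    if "not" in c:
        return not cond(c["not"], ev)
    if "and" in c:
        return all(cond(x, ev) for x in c["and"])
    if "or" in c:
        return any(cond(x, ev) for x in c["or"])
    raise ValueError(f"unsupported condition: {c}")

def as_list(x):
    # "class" and "event" appear both as a single object and as a list.
    return x if isinstance(x, list) else [x]

def logged(filter_json, ev):
    """True if this model would write the event under the given filter."""
    flt = json.loads(filter_json)["filter"]
    for cls in as_list(flt.get("class", [])):
        if cls["name"] != ev["class"]:
            continue
        if "event" not in cls:
            return True  # no event list: the whole class is selected
        for e in as_list(cls["event"]):
            if e["name"] == ev["event"]:
                log = e.get("log", True)
                return log if isinstance(log, bool) else cond(log, ev)
    return False  # event name never matched, e.g. "failed_login"

def selected(filter_json):
    return [(e["event"], e["status"]) for e in EVENTS if logged(filter_json, e)]
```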