Defining rules for audit log filter component (v8.0 / 8.4)

Dear Percona community,

I am struggling to configure the rules for the audit log filter component. I would like to filter events in a way that only certain SQL commands are logged.
This is what I have so far:
{
  "filter": {
    "class": {
      "name": "query",
      "event": {
        "name": "start"
      }
    }
  }
}

This filter successfully logs all query_start events in the class query. I now want to add functionality so that only the following SQL commands are logged:
SELECT
CREATE TABLE
DROP TABLE
I tried to do this by accessing the "sql_command" field but could not get it to work.
Could someone help me with this? Thank you all 🙂

Hello @audit_4852,

I’ve just started a new discussion, Write audit_log_filter definitions, about writing rules for this component. In your case, I think something like this can help you:

{
  "filter": {
    "class": [
      {
        "name": "query",
        "event": {
          "name": "start",
          "log": {
              "or": [
                { "field": { "name": "sql_command_id", "value": "select"} },
                { "field": { "name": "sql_command_id", "value": "create_table"} },
                { "field": { "name": "sql_command_id", "value": "drop_table"} }
              ]
          }
        }
      }
    ]
  }
}
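
Added example (not part of the posts in this thread): one way to load the filter from the reply above, assign it, and check that only the three statement types reach the audit log. The filter name `log_select_ddl`, the scratch schema `audit_demo`, and the choice of `%` (the default assignment for accounts without their own filter) are assumptions for illustration.

```sql
-- Register the filter definition under a name (hypothetical: log_select_ddl).
-- The call returns OK when the JSON is accepted, otherwise an error message.
SELECT audit_log_filter_set_filter('log_select_ddl', '{
  "filter": {
    "class": [
      {
        "name": "query",
        "event": {
          "name": "start",
          "log": {
            "or": [
              { "field": { "name": "sql_command_id", "value": "select" } },
              { "field": { "name": "sql_command_id", "value": "create_table" } },
              { "field": { "name": "sql_command_id", "value": "drop_table" } }
            ]
          }
        }
      }
    ]
  }
}');

-- Make it the default filter for accounts that have no explicit assignment.
SELECT audit_log_filter_set_user('%', 'log_select_ddl');

-- Confirm what is stored and which accounts it applies to.
SELECT * FROM mysql.audit_log_filter;
SELECT * FROM mysql.audit_log_user;

-- From a NEW session, run one statement of each kind (constructed test input).
CREATE DATABASE IF NOT EXISTS audit_demo;       -- expected: not logged
CREATE TABLE audit_demo.t1 (id INT);            -- expected: logged (create_table)
INSERT INTO audit_demo.t1 VALUES (1);           -- expected: not logged
SELECT id FROM audit_demo.t1;                   -- expected: logged (select)
DROP TABLE audit_demo.t1;                       -- expected: logged (drop_table)
DROP DATABASE audit_demo;                       -- expected: not logged

-- Then inspect the audit log file: only the CREATE TABLE, SELECT and
-- DROP TABLE statements should appear as query start events.
```

Because this rule drops every other statement type, INSERT, UPDATE, DELETE, GRANT and account changes leave no query record; confirm that matches the audit requirement before assigning it to `%`.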

Hello @dba_S4dscjz,

thanks for your reply 🙂
This did indeed solve my problem.
