Getting null when running audit_log_read

MySQL & MariaDB Percona Distribution for MySQL
1

I have audit filter running ( logging connections and drop/create/alter user) in the json format.

It have tested that it is logging correctly in the json format.

root@localhost (none)> SHOW VARIABLES LIKE ‘audit_log_filter_format’;
±------------------------±------+
| Variable_name | Value |
±------------------------±------+
| audit_log_filter.format | JSON |
±------------------------±------+
1 row in set (0.01 sec)

root@localhost (none)> SHOW VARIABLES LIKE ‘audit_log_filter_file’;
±----------------------±-----------------+
| Variable_name | Value |
±----------------------±-----------------+
| audit_log_filter.file | audit_filter.log |
±----------------------±-----------------+
1 row in set (0.01 sec)

I am trying to run audit log read but I am not getting anything. I see the audit_filter log getting populated every few seconds in the json format. My database version is 8.4.5

root@localhost (none)> SELECT audit_log_read(audit_log_read_bookmark());
±------------------------------------------+
| audit_log_read(audit_log_read_bookmark()) |
±------------------------------------------+
| [
null
]
|
±------------------------------------------+
1 row in set (0.61 sec)

root@localhost (none)> SELECT audit_log_read();
ERROR 3200 (HY000): audit_log_read UDF failed; Wrong argument format

2

I tried the documentation in https://dev.mysql.com/blog-archive/audit-logs-json-format-logging/

Still no luck,

root@localhost (none)> SELECT audit_log_read_bookmark();
±---------------------------------------------------+
| audit_log_read_bookmark() |
±---------------------------------------------------+
| {“timestamp”: “2026-02-03 17:24:11”, “id”: 362018} |
±---------------------------------------------------+
1 row in set (0.00 sec)

root@localhost (none)> select audit_log_read(‘{ “timestamp”: “2026-02-03 17:24:11”, “id”: 362018}’);
±----------------------------------------------------------------------+
| audit_log_read(‘{ “timestamp”: “2026-02-03 17:24:11”, “id”: 362018}’) |
±----------------------------------------------------------------------+
| [
null
]
|
±----------------------------------------------------------------------+
1 row in set (0.00 sec)

root@localhost (none)> SELECT audit_log_read();
ERROR 3200 (HY000): audit_log_read UDF failed; Wrong argument format

3

Can you try to manually read the audit log file content in a pretty format like below?

cat audit_filter.log | jq '.' | less

4

it gives a parse error because the audit filter log doesnt have a closing bracket when it is being written to.

“parse error: Unfinished JSON term at EOF at line 1709585, column 3
(END)”

thats why I am trying to run the audit_log_read because that is the only way to easily get alerts according to the percona documentation.

5

is there a workaround for this that does not involve closing the audit filter log and creating a new one?

I see this ticket and it i’m not sure if this is fixed yet.