Percona for mysql 8.4
Ubuntu 24.04
I configured the server to use audit log component.
- I create the filter below to log connections and admin commands, and assigned it to ‘%’. It only captured only connections but not admin commands issued. Same issue obtained when I assigned the filter to a specific account like root@localhost.
SELECT audit_log_filter_set_filter(
'log_connections_and_admin_commands',
'{
"filter": {
"class": [
{
"name": "connection",
"event": [
{ "name": "connect" },
{ "name": "disconnect" }
]
},
{
"name": "general",
"event": [
{
"name": "query",
"log": {
"or": [
{ "field": { "name": "general_sql_command.str", "value": "create_db" } },
{ "field": { "name": "general_sql_command.str", "value": "drop_db" } },
{ "field": { "name": "general_sql_command.str", "value": "alter_db" } },
{ "field": { "name": "general_sql_command.str", "value": "create_user" } },
{ "field": { "name": "general_sql_command.str", "value": "alter_user" } },
{ "field": { "name": "general_sql_command.str", "value": "drop_user" } }
]
}
}
]
}
]
}
}'
);
SELECT audit_log_filter_set_user('%', 'log_connections_and_admin_commands');
- I then tried a filter that monitors connections and queries without the ‘log’ (see below) and assigned it to first ‘%’ then to a specific account. Same issue: connections were logged but not admin commands.
SELECT audit_log_filter_set_filter(
‘log_connections_and_query’,
‘{
“filter”: {
“class”: [
{
“name”: “connection”,
“event”: [
{ “name”: “connect” },
{ “name”: “disconnect” }
]
},
{
“name”: “general”,
“event”: [
{
“name”: “query”
}
]
}
]
}
}’
);
- i then tried a new filter that captures queries only (no connections). Again, it still does not capture my admin commands.
SELECT audit_log_filter_set_filter(
‘log_query’,
‘{
“filter”: {
“class”: [
{
“name”: “general”,
“event”: [
{
“name”: “query”
}
]
}
]
}
}’
);
Question: What could be the issue? Are my filters not defined correctly?
Thanks.