MySQL audit logs returning very little information, and none of it meaningful
I'm experimenting with the MariaDB Audit Plugin, on an RDB MySQL 5.7.33 instance. And I don't appear to be getting much.
My settings are
SERVER_AUDIT_EXCL_USERS -
SERVER_AUDIT_FILE_PATH /rdsdbdata/log/audit/
SERVER_AUDIT_EVENTS CONNECT, QUERY
SERVER_AUDIT_FILE_ROTATIONS -
SERVER_AUDIT_QUERY_LOG_LIMIT 1024
SERVER_AUDIT FORCE_PLUS_PERMANENT
SERVER_AUDIT_INCL_USERS -
SERVER_AUDIT_LOGGING ON
SERVER_AUDIT_FILE_ROTATE_SIZE 4
When I look at the logs in the console, I see "audit/server_audit.log" and "audit/server_audit.log.1" through "audit/server_audit.log.9:"
When I attempt to view any of them, all I see is something on the order of this:
only a few very recent entries, none of them the slightest bit meaningful. And rather pointedly, absolutely none of the traffic I am personally generating is showing up.
- Newest
- Most votes
- Most comments
Turns out I misunderstood the semantics of one of the option group parameters:
I thought "SERVER_AUDIT_FILE_ROTATE_SIZE" meant to keep 4 rotations. Not to rotate as soon as it hit 4 bytes. Changing that parameter to 65535 and cycling the option group solved the problem.
Maybe it's time for me to (as George Washington put it in a dispatch to the Continental Congress), "retire to the back-country, and live in a wigwam."
Relevant content
- asked a year ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
Days later, and still noting gets any bigger than a few hundred bytes, and it looks like the audit files are being constantly cleared and reset.