- 6.3 MySQL User Account Management
- 6.3.1 User Names and Passwords
- 6.3.2 Adding User Accounts
- 6.3.3 Removing User Accounts
- 6.3.4 Setting Account Resource Limits
- 6.3.5 Assigning Account Passwords
- 6.3.6 Password Expiration and Sandbox Mode
- 6.3.7 Pluggable Authentication
- 6.3.8 Proxy Users
- 6.3.9 Using SSL for Secure Connections
- 6.3.10 Connecting to MySQL Remotely from Windows with SSH
- 6.3.11 MySQL Enterprise Audit Log Plugin
- 6.3.12 SQL-Based MySQL Account Activity Auditing
[+/-]
MySQL Enterprise Audit is a commercial extension. To learn more about commercial products (MySQL Enterprise Edition), see http://www.mysql.com/products/.
As of MySQL 5.6.10, MySQL Enterprise Edition includes MySQL
Enterprise Audit, implemented using a server plugin named
audit_log. MySQL Enterprise Audit uses the open
MySQL Audit API to enable standard, policy-based monitoring and
logging of connection and query activity executed on specific
MySQL servers. Designed to meet the Oracle audit specification,
MySQL Enterprise Audit provides an out of box, easy to use
auditing and compliance solution for applications that are
governed by both internal and external regulatory guidelines.
When installed, the audit plugin enables MySQL Server to produce a log file containing an audit record of server activity. The log contents include when clients connect and disconnect, and what actions they perform while connected, such as which databases and tables they access.
After you install the plugin (see
Section 6.3.11.1, “Installing the Audit Log Plugin”), it writes an
audit log file. By default, the file is named
audit.log in the server data directory. To
change the name of the file, set the
audit_log_file system variable at
server startup.
Audit log file contents are not encrypted. See Section 6.3.11.2, “Audit Log Plugin Security Considerations”.
The audit log file is written in XML format, with auditable events
encoded as <AUDIT_RECORD> elements. For
details on file format and contents, see
Section 6.3.11.3, “The Audit Log File”.
To control what information audit_log writes to
its log file, set the
audit_log_policy system variable.
By default, this variable is set to ALL (write
all auditable events), but also permits values of
LOGINS or QUERIES to log
only login or query events, or NONE to disable
logging.
For more information about controlling how logging occurs, see Section 6.3.11.4, “Audit Log Plugin Logging Control”. For descriptions of the parameters used to configure the audit log plugin, see Section 6.3.11.5, “Audit Log Plugin Options and Variables”.
The Performance Schema (see Chapter 21, MySQL Performance Schema) has instrumentation for the audit log plugin. To identify the relevant instruments, use this query:
SELECT NAME FROM performance_schema.setup_instruments WHERE NAME LIKE '%/alog/%';
User Comments
Add your own comment.