Documentation Home
MySQL 5.5 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 27.0Mb
PDF (A4) - 27.0Mb
PDF (RPM) - 25.6Mb
HTML Download (TGZ) - 6.5Mb
HTML Download (Zip) - 6.5Mb
HTML Download (RPM) - 5.6Mb
Man Pages (TGZ) - 158.5Kb
Man Pages (Zip) - 261.7Kb
Info (Gzip) - 2.6Mb
Info (Zip) - 2.6Mb
Excerpts from this Manual

MySQL 5.5 Reference Manual  /  ...  /  Audit Log Options and System Variables

6.5.2.7 Audit Log Options and System Variables

This section describes the command options and system variables that control operation of MySQL Enterprise Audit. If values specified at startup time are incorrect, the audit log plugin may fail to initialize properly and the server does not load it. In this case, the server may also produce error messages for other audit log settings because it will not recognize them.

To control the activation of the audit_log plugin, use this option:

If the audit log plugin is enabled, it exposes several system variables that permit control over logging:

mysql> SHOW VARIABLES LIKE 'audit_log%';
+--------------------------+--------------+
| Variable_name            | Value        |
+--------------------------+--------------+
| audit_log_buffer_size    | 1048576      |
| audit_log_file           | audit.log    |
| audit_log_flush          | OFF          |
| audit_log_policy         | ALL          |
| audit_log_rotate_on_size | 0            |
| audit_log_strategy       | ASYNCHRONOUS |
+--------------------------+--------------+

You can set any of these variables at server startup, and some of them at runtime.

  • audit_log_buffer_size

    Property Value
    Command-Line Format --audit-log-buffer-size=value
    Introduced 5.5.28
    System Variable audit_log_buffer_size
    Scope Global
    Dynamic No
    Type (64-bit platforms) integer
    Type (32-bit platforms) integer
    Default (64-bit platforms) 1048576
    Default (32-bit platforms) 1048576
    Minimum (64-bit platforms) 4096
    Minimum (32-bit platforms) 4096
    Maximum (64-bit platforms) 18446744073709547520
    Maximum (32-bit platforms) 4294967295

    When the audit log plugin writes events to the log asynchronously, it uses a buffer to store event contents prior to writing them. This variable controls the size of that buffer, in bytes. The server adjusts the value to a multiple of 4096. The plugin uses a single buffer, which it allocates when it initializes and removes when it terminates. The plugin allocates this buffer only if logging is asynchronous.

    This variable was added in MySQL 5.5.28.

  • audit_log_file

    Property Value
    Command-Line Format --audit-log-file=file_name
    Introduced 5.5.28
    System Variable audit_log_file
    Scope Global
    Dynamic No
    Type file name
    Default audit.log

    The name of the file to which the audit log plugin writes events. The default value is audit.log. If the file name is a relative path, the server interprets it relative to the data directory. For security reasons, the audit log file should be written to a directory accessible only to the MySQL server and to users with a legitimate reason to view the log.

    This variable was added in MySQL 5.5.28.

  • audit_log_flush

    Property Value
    Introduced 5.5.28
    System Variable audit_log_flush
    Scope Global
    Dynamic Yes
    Type boolean
    Default OFF

    When this variable is set to enabled (1 or ON), the audit log plugin closes and reopens its log file to flush it. (The value remains OFF so that you need not disable it explicitly before enabling it again to perform another flush.) Enabling this variable has no effect unless audit_log_rotate_on_size is 0.

    This variable was added in MySQL 5.5.28.

  • audit_log_format

    Property Value
    Command-Line Format --audit-log-format=value
    Introduced 5.5.34
    System Variable audit_log_format
    Scope Global
    Dynamic No
    Type (>= 5.5.34) enumeration
    Default (>= 5.5.34) OLD
    Valid Values (>= 5.5.34) OLD
    NEW

    The audit log file format. Permitted values are OLD and NEW (default OLD). For details about each format, see Section 6.5.2.3, “Audit Log File Formats”.

    Changing the value of audit_log_format can result in writing log entries in one format to an existing log file that contains entries in a different format. To avoid this issue, use the procedure described at Audit Log File Format.

    This variable was added in MySQL 5.5.34.

  • audit_log_policy

    Property Value
    Command-Line Format --audit-log-policy=value
    Introduced 5.5.28
    System Variable audit_log_policy
    Scope Global
    Dynamic Yes
    Type enumeration
    Default ALL
    Valid Values ALL
    LOGINS
    QUERIES
    NONE

    The policy controlling the information written by the audit log plugin to its log file. The following table shows the permitted values.

    ValueDescription
    ALLLog all events
    NONELog nothing (disable the audit stream)
    LOGINSLog only login events
    QUERIESLog only query events

    This variable was added in MySQL 5.5.28.

  • audit_log_rotate_on_size

    Property Value
    Command-Line Format --audit-log-rotate-on-size=N
    Introduced 5.5.28
    System Variable audit_log_rotate_on_size
    Scope Global
    Dynamic Yes
    Type integer
    Default 0

    If the audit_log_rotate_on_size value is 0, the audit log plugin does not perform automatic log file rotation. Instead, use audit_log_flush to close and reopen the log on demand. In this case, manually rename the file externally to the server before flushing it.

    If the audit_log_rotate_on_size value is greater than 0, automatic size-based log file rotation occurs. Whenever a write to the log file causes its size to exceed the audit_log_rotate_on_size value, the audit log plugin closes the current log file, renames it, and opens a new log file.

    For more information about audit log file rotation, see Audit Log File Space Management and Name Rotation.

    If you set this variable to a value that is not a multiple of 4096, it is truncated to the nearest multiple. (Thus, setting it to a value less than 4096 has the effect of setting it to 0 and no rotation occurs, except manually.)

    This variable was added in MySQL 5.5.28.

  • audit_log_strategy

    Property Value
    Command-Line Format --audit-log-strategy=value
    Introduced 5.5.28
    System Variable audit_log_strategy
    Scope Global
    Dynamic No
    Type enumeration
    Default ASYNCHRONOUS
    Valid Values ASYNCHRONOUS
    PERFORMANCE
    SEMISYNCHRONOUS
    SYNCHRONOUS

    The logging method used by the audit log plugin. These strategy values are permitted:

    • ASYNCHRONOUS: Log asynchronously. Wait for space in the output buffer.

    • PERFORMANCE: Log asynchronously. Drop requests for which there is insufficient space in the output buffer.

    • SEMISYNCHRONOUS: Log synchronously. Permit caching by the operating system.

    • SYNCHRONOUS: Log synchronously. Call sync() after each request.

    This variable was added in MySQL 5.5.28.


User Comments
Sign Up Login You must be logged in to post a comment.