Documentation Home
MySQL 5.5 Reference Manual
Related Documentation Download this Manual Excerpts from this Manual

MySQL 5.5 Reference Manual  /  ...  /  Audit Log Plugin Options and System Variables

6.3.11.6 Audit Log Plugin Options and System Variables

This section describes the command options and system variables that control operation of the audit log plugin. If values specified at startup time are incorrect, the plugin may fail to initialize properly and the server does not load it. In this case, the server may also produce error messages for other audit log settings because it will not recognize them.

To control the activation of the audit_log plugin, use this option:

If the audit_log plugin is installed, it exposes several system variables that permit control over logging. These variables are available only if the audit_log plugin is enabled.

mysql> SHOW VARIABLES LIKE 'audit_log%';
+--------------------------+--------------+
| Variable_name            | Value        |
+--------------------------+--------------+
| audit_log_buffer_size    | 1048576      |
| audit_log_file           | audit.log    |
| audit_log_flush          | OFF          |
| audit_log_policy         | ALL          |
| audit_log_rotate_on_size | 0            |
| audit_log_strategy       | ASYNCHRONOUS |
+--------------------------+--------------+

You can set any of these variables at server startup, and some of them at runtime.

  • audit_log_buffer_size

    Introduced5.5.28
    Command-Line Format--audit_log_buffer_size=value
    System VariableNameaudit_log_buffer_size
    Variable ScopeGlobal
    Dynamic VariableNo
    Permitted Values (32-bit platforms)Typeinteger
    Default1048576
    Min Value4096
    Max Value4294967295
    Permitted Values (64-bit platforms)Typeinteger
    Default1048576
    Min Value4096
    Max Value18446744073709547520

    When the audit log plugin writes events to the log asynchronously, it uses a buffer to store event contents prior to writing them. This variable controls the size of that buffer, in bytes. The server adjusts the value to a multiple of 4096. The plugin uses a single buffer, which it allocates when it initializes and removes when it terminates. The plugin allocates this buffer only if logging is asynchronous.

    This variable was added in MySQL 5.5.28.

  • audit_log_file

    Introduced5.5.28
    Command-Line Format--audit_log_file=file_name
    System VariableNameaudit_log_file
    Variable ScopeGlobal
    Dynamic VariableNo
    Permitted ValuesTypefile name
    Defaultaudit.log

    The name of the file to which the audit log plugin writes events. The default value is audit.log. If the file name is a relative path, the server interprets it relative to the data directory. For security reasons, the audit log file should be written to a directory accessible only to the MySQL server and users with a legitimate reason to view the log.

    This variable was added in MySQL 5.5.28.

  • audit_log_flush

    Introduced5.5.28
    System VariableNameaudit_log_flush
    Variable ScopeGlobal
    Dynamic VariableYes
    Permitted ValuesTypeboolean
    DefaultOFF

    When this variable is set to enabled (1 or ON), the audit log plugin closes and reopens its log file to flush it. (The value remains OFF so that you need not disable it explicitly before enabling it again to perform another flush.) Enabling this variable has no effect unless audit_log_rotate_on_size is 0.

    This variable was added in MySQL 5.5.28.

  • audit_log_format

    Introduced5.5.34
    Command-Line Format--audit_log_format=value
    System VariableNameaudit_log_format
    Variable ScopeGlobal
    Dynamic VariableNo
    Permitted Values (>= 5.5.34)Typeenumeration
    DefaultOLD
    Valid ValuesOLD
    NEW

    The audit log file format. Permitted values are OLD and NEW (default OLD). For details about each format, see Section 6.3.11.3, “The Audit Log File”.

    If you change the value of audit_log_format, use this procedure to avoid writing log entries in one format to an existing log file that contains entries in a different format:

    1. Stop the server.

    2. Rename the current audit log file manually.

    3. Restart the server with the new value of audit_log_format. The audit log plugin will create a new log file, which will contain log entries in the selected format.

    This variable was added in MySQL 5.5.34.

  • audit_log_policy

    Introduced5.5.28
    Command-Line Format--audit_log_policy=value
    System VariableNameaudit_log_policy
    Variable ScopeGlobal
    Dynamic VariableYes
    Permitted ValuesTypeenumeration
    DefaultALL
    Valid ValuesALL
    LOGINS
    QUERIES
    NONE

    The policy controlling the information written by the audit log plugin to its log file. The following table shows the permitted values.

    ValueDescription
    ALLLog all events
    NONELog nothing (disable the audit stream)
    LOGINSLog only login events
    QUERIESLog only query events

    This variable was added in MySQL 5.5.28.

  • audit_log_rotate_on_size

    Introduced5.5.28
    Command-Line Format--audit_log_rotate_on_size=N
    System VariableNameaudit_log_rotate_on_size
    Variable ScopeGlobal
    Dynamic VariableYes
    Permitted ValuesTypeinteger
    Default0

    If the audit_log_rotate_on_size value is greater than 0, the audit log plugin closes and reopens its log file if a write to the file causes its size to exceed this value. The original file is renamed to have a timestamp extension.

    If the audit_log_rotate_on_size value is 0, the plugin does not close and reopen its log based on size. Instead, use audit_log_flush to close and reopen the log on demand. In this case, rename the file externally to the server before flushing it.

    For more information about audit log file rotation and timestamp interpretation, see Section 6.3.11.4, “Audit Log Plugin Logging Control”.

    If you set this variable to a value that is not a multiple of 4096, it is truncated to the nearest multiple. (Thus, setting it to a value less than 4096 has the effect of setting it to 0 and no rotation occurs.)

    This variable was added in MySQL 5.5.28.

  • audit_log_strategy

    Introduced5.5.28
    Command-Line Format--audit_log_strategy=value
    System VariableNameaudit_log_strategy
    Variable ScopeGlobal
    Dynamic VariableNo
    Permitted ValuesTypeenumeration
    DefaultASYNCHRONOUS
    Valid ValuesASYNCHRONOUS
    PERFORMANCE
    SEMISYNCHRONOUS
    SYNCHRONOUS

    The logging method used by the audit log plugin. The following table describes the permitted values.

    Table 6.10 Audit Log Strategies

    ValueMeaning
    ASYNCHRONOUSLog asynchronously, wait for space in output buffer
    PERFORMANCELog asynchronously, drop request if insufficient space in output buffer
    SEMISYNCHRONOUSLog synchronously, permit caching by operating system
    SYNCHRONOUSLog synchronously, call sync() after each request

    This variable was added in MySQL 5.5.28.


User Comments
Sign Up Login You must be logged in to post a comment.