MySQL 5.6 Release Notes
The following discussion serves as a reference to MySQL Enterprise Audit components:
Table 6.17 Audit Log Option/Variable Reference
| Name | Cmd-Line | Option File | System Var | Status Var | Var Scope | Dynamic |
|---|---|---|---|---|---|---|
| audit-log | Yes | Yes | ||||
| audit_log_buffer_size | Yes | Yes | Yes | Global | No | |
| audit_log_connection_policy | Yes | Yes | Yes | Global | Yes | |
| audit_log_current_session | Yes | Both | No | |||
| Audit_log_current_size | Yes | Global | No | |||
| Audit_log_event_max_drop_size | Yes | Global | No | |||
| Audit_log_events | Yes | Global | No | |||
| Audit_log_events_filtered | Yes | Global | No | |||
| Audit_log_events_lost | Yes | Global | No | |||
| Audit_log_events_written | Yes | Global | No | |||
| audit_log_exclude_accounts | Yes | Yes | Yes | Global | Yes | |
| audit_log_file | Yes | Yes | Yes | Global | No | |
| audit_log_flush | Yes | Global | Yes | |||
| audit_log_format | Yes | Yes | Yes | Global | No | |
| audit_log_include_accounts | Yes | Yes | Yes | Global | Yes | |
| audit_log_policy | Yes | Yes | Yes | Global | Varies | |
| audit_log_rotate_on_size | Yes | Yes | Yes | Global | Yes | |
| audit_log_statement_policy | Yes | Yes | Yes | Global | Yes | |
| audit_log_strategy | Yes | Yes | Yes | Global | No | |
| Audit_log_total_size | Yes | Global | No | |||
| Audit_log_write_waits | Yes | Global | No |
This section describes the command options and system
variables that control operation of MySQL Enterprise Audit. If values
specified at startup time are incorrect, the
audit_log plugin may fail to initialize
properly and the server does not load it. In this case, the
server may also produce error messages for other audit log
settings because it will not recognize them.
To control the activation of the audit_log
plugin, use this option:
-
Introduced 5.6.10 Command-Line Format --audit-log[=value]Permitted Values Type enumerationDefault ONValid Values ONOFFFORCEFORCE_PLUS_PERMANENTThis option controls how the server loads the
audit_logplugin at startup. It is available only if the plugin has been previously registered withINSTALL PLUGINor is loaded with--plugin-load. See Section 6.5.3.1, “Installing MySQL Enterprise Audit”.The option value should be one of those available for plugin-loading options, as described in Section 5.5.2, “Installing and Uninstalling Plugins”. For example,
--audit-log=FORCE_PLUS_PERMANENTtells the server to load the plugin at startup and prevents it from being removed while the server is running.
If the audit_log plugin is enabled, it
exposes several system variables that permit control over
logging:
mysql> SHOW VARIABLES LIKE 'audit_log%';
+-----------------------------+--------------+
| Variable_name | Value |
+-----------------------------+--------------+
| audit_log_buffer_size | 1048576 |
| audit_log_connection_policy | ALL |
| audit_log_current_session | ON |
| audit_log_exclude_accounts | |
| audit_log_file | audit.log |
| audit_log_flush | OFF |
| audit_log_format | OLD |
| audit_log_include_accounts | |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_statement_policy | ALL |
| audit_log_strategy | ASYNCHRONOUS |
+-----------------------------+--------------+
You can set any of these variables at server startup, and some of them at runtime.
-
Introduced 5.6.10 Command-Line Format --audit_log_buffer_size=valueSystem Variable Name audit_log_buffer_sizeVariable Scope Global Dynamic Variable No Permitted Values (32-bit platforms) Type integerDefault 1048576Min Value 4096Max Value 4294967295Permitted Values (64-bit platforms) Type integerDefault 1048576Min Value 4096Max Value 18446744073709547520When the audit log plugin writes events to the log asynchronously, it uses a buffer to store event contents prior to writing them. This variable controls the size of that buffer, in bytes. The server adjusts the value to a multiple of 4096. The plugin uses a single buffer, which it allocates when it initializes and removes when it terminates. The plugin allocates this buffer only if logging is asynchronous.
-
Introduced 5.6.20 Command-Line Format --audit_log_connection_policy=valueSystem Variable Name audit_log_connection_policyVariable Scope Global Dynamic Variable Yes Permitted Values Type enumerationDefault ALLValid Values ALLERRORSNONEThe policy controlling how the audit log plugin writes connection events to its log file. The following table shows the permitted values.
Value Description ALLLog all connection events ERRORSLog only failed connection events NONEDo not log connection events NoteAt server startup, any explicit value given for
audit_log_connection_policymay be overridden ifaudit_log_policyis also specified, as described in Section 6.5.3.4, “Audit Log Logging Control”. -
Introduced 5.6.20 System Variable Name audit_log_current_sessionVariable Scope Global, Session Dynamic Variable No Permitted Values Type booleanDefault depends on filtering policyWhether audit logging is enabled for the current session. The session value of this variable is read only. It is set when the session begins based on the values of the
audit_log_include_accountsandaudit_log_exclude_accountssystem variables. The audit log plugin uses the session value to determine whether to audit events for the session. (There is a global value, but the plugin does not use it.) -
Introduced 5.6.20 Command-Line Format --audit_log_exclude_accounts=valueSystem Variable Name audit_log_exclude_accountsVariable Scope Global Dynamic Variable Yes Permitted Values Type stringDefault NULLThe accounts for which events should not be logged. The value should be
NULLor a string containing a list of one or more comma-separated account names. For more information, see Section 6.5.3.4, “Audit Log Logging Control”.Modifications to
audit_log_exclude_accountsaffect only connections created subsequent to the modification, not existing connections. -
Introduced 5.6.10 Command-Line Format --audit_log_file=file_nameSystem Variable Name audit_log_fileVariable Scope Global Dynamic Variable No Permitted Values Type file nameDefault audit.logThe name of the file to which the audit log plugin writes events. The default value is
audit.log. If the value ofaudit_log_fileis a relative path name, the server interprets it relative to the data directory. If the value is a full path name, the server uses the value as is. A full path name may be useful if it is desirable to locate audit files on a separate file system or directory. For security reasons, the audit log file should be written to a directory accessible only to the MySQL server and users with a legitimate reason to view the log. For more information, see Section 6.5.3.4, “Audit Log Logging Control”. -
Introduced 5.6.10 System Variable Name audit_log_flushVariable Scope Global Dynamic Variable Yes Permitted Values Type booleanDefault OFFWhen this variable is set to enabled (1 or
ON), the audit log plugin closes and reopens its log file to flush it. (The value remainsOFFso that you need not disable it explicitly before enabling it again to perform another flush.) Enabling this variable has no effect unlessaudit_log_rotate_on_sizeis 0. For more information, see Section 6.5.3.4, “Audit Log Logging Control”. -
Introduced 5.6.14 Command-Line Format --audit_log_format=valueSystem Variable Name audit_log_formatVariable Scope Global Dynamic Variable No Permitted Values (>= 5.6.14) Type enumerationDefault OLDValid Values OLDNEWThe audit log file format. Permitted values are
OLDandNEW(defaultOLD). For details about each format, see Section 6.5.3.3, “The Audit Log File”.If you change the value of
audit_log_format, use this procedure to avoid writing log entries in one format to an existing log file that contains entries in a different format:Stop the server.
Rename the current audit log file manually.
Restart the server with the new value of
audit_log_format. The audit log plugin will create a new log file, which will contain log entries in the selected format.
-
Introduced 5.6.20 Command-Line Format --audit_log_include_accounts=valueSystem Variable Name audit_log_include_accountsVariable Scope Global Dynamic Variable Yes Permitted Values Type stringDefault NULLThe accounts for which events should be logged. The value should be
NULLor a string containing a list of one or more comma-separated account names. For more information, see Section 6.5.3.4, “Audit Log Logging Control”.Modifications to
audit_log_include_accountsaffect only connections created subsequent to the modification, not existing connections. -
Introduced 5.6.10 Command-Line Format --audit_log_policy=valueSystem Variable (<= 5.6.19) Name audit_log_policyVariable Scope Global Dynamic Variable Yes System Variable (>= 5.6.20) Name audit_log_policyVariable Scope Global Dynamic Variable No Permitted Values Type enumerationDefault ALLValid Values ALLLOGINSQUERIESNONEThe policy controlling how the audit log plugin writes events to its log file. The following table shows the permitted values.
Value Description ALLLog all events LOGINSLog only login events QUERIESLog only query events NONELog nothing (disable the audit stream) As of MySQL 5.6.20,
audit_log_policycan be set only at server startup. At runtime, it is a read-only variable. This is due to the introduction of two other system variables,audit_log_connection_policyandaudit_log_statement_policy, that provide finer control over logging policy and that can be set either at startup or at runtime. If you continue to useaudit_log_policyat startup instead of the other two variables, the server uses its value to set those variables. For more information about the policy variables and their interaction, see Section 6.5.3.4, “Audit Log Logging Control”.Before MySQL 5.6.20, the
audit_log_connection_policyandaudit_log_statement_policysystem variables do not exist.audit_log_policyis the only policy control variable and it can be set at server startup or runtime. -
Introduced 5.6.10 Command-Line Format --audit_log_rotate_on_size=NSystem Variable Name audit_log_rotate_on_sizeVariable Scope Global Dynamic Variable Yes Permitted Values Type integerDefault 0If the
audit_log_rotate_on_sizevalue is greater than 0, the audit log plugin closes and reopens its log file if a write to the file causes its size to exceed this value. The original file is renamed to have a timestamp extension.If the
audit_log_rotate_on_sizevalue is 0, the plugin does not close and reopen its log based on size. Instead, useaudit_log_flushto close and reopen the log on demand. In this case, rename the file externally to the server before flushing it.For more information about audit log file rotation and timestamp interpretation, see Section 6.5.3.4, “Audit Log Logging Control”.
If you set this variable to a value that is not a multiple of 4096, it is truncated to the nearest multiple. (Thus, setting it to a value less than 4096 has the effect of setting it to 0 and no rotation occurs.)
-
Introduced 5.6.20 Command-Line Format --audit_log_statement_policy=valueSystem Variable Name audit_log_statement_policyVariable Scope Global Dynamic Variable Yes Permitted Values Type enumerationDefault ALLValid Values ALLERRORSNONEThe policy controlling how the audit log plugin writes statement events to its log file. The following table shows the permitted values.
Value Description ALLLog all statement events ERRORSLog only failed statement events NONEDo not log statement events NoteAt server startup, any explicit value given for
audit_log_statement_policymay be overridden ifaudit_log_policyis also specified, as described in Section 6.5.3.4, “Audit Log Logging Control”. -
Introduced 5.6.10 Command-Line Format --audit_log_strategy=valueSystem Variable Name audit_log_strategyVariable Scope Global Dynamic Variable No Permitted Values Type enumerationDefault ASYNCHRONOUSValid Values ASYNCHRONOUSPERFORMANCESEMISYNCHRONOUSSYNCHRONOUSThe logging method used by the audit log plugin. The following table describes the permitted values.
Table 6.18 Audit Log Strategies
Value Meaning ASYNCHRONOUSLog asynchronously, wait for space in output buffer PERFORMANCELog asynchronously, drop request if insufficient space in output buffer SEMISYNCHRONOUSLog synchronously, permit caching by operating system SYNCHRONOUSLog synchronously, call sync()after each request
If the audit_log plugin is enabled, it
exposes several status variables that provide operational
information.
The size of the current audit log file. The value increases when an event is written to the log and is reset to 0 when the log is rotated.
The size of the largest dropped event in performance logging mode. For a description of logging modes, see Section 6.5.3.4, “Audit Log Logging Control”.
The number of events handled by the audit log plugin, whether or not they were written to the log based on filtering policy (see Section 6.5.3.4, “Audit Log Logging Control”).
The number of events handled by the audit log plugin that were filtered (not written to the log) based on filtering policy (see Section 6.5.3.4, “Audit Log Logging Control”).
The number of events lost in performance logging mode because an event was larger than than the available audit log buffer space. This value may be useful for assessing how to set
audit_log_buffer_sizeto size the buffer for performance mode. For a description of logging modes, see Section 6.5.3.4, “Audit Log Logging Control”.The number of events written to the audit log.
The total size of events written to all audit log files. Unlike
Audit_log_current_size, the value ofAudit_log_total_sizeincreases even when the log is rotated.The number of times an event had to wait for space in the audit log buffer in asynchronous logging mode. For a description of logging modes, see Section 6.5.3.4, “Audit Log Logging Control”.