Audit Log Filter overview¶
The feature is in tech preview.
The Audit Log Filter plugin allows you to monitor, log, and block a connection or query actively executed on the selected server.
Enabling the plugin produces a log file that contains a record of server activity. The log file has information on connections and databases accessed by that connection.
The plugin uses the
mysql system database to store filter and user account data. Set the
audit_log_filter_database variable at server startup to select a different database.
AUDIT_ADMIN privilege is required to enable users to manage the Audit Log Filter plugin.
Define the privilege at runtime at the startup of the server. The associated Audit Log Filter privilege can be unavailable if the plugin is not enabled.
This privilege is defined by the server and enables the user to configure the plugin.
This privilege allows queries from a user account to always be executed. An
abort item does not block them. This ability lets the user account regain access to a system if an audit is misconfigured. The query is logged due to the privilege. User accounts with the
SYSTEM_USER privilege have the
Audit Log Filter tables¶
The Audit Log Filter plugin uses
mysql system database tables in the
InnoDB storage engine. These tables store user account data and filter data. When you start the server, change the plugin’s database with the
audit_log_filter table stores the definitions of the filters and has the following column definitions:
|NAME||Name of the filter|
|FILTER||Definition of the filter linked to the name as a JSON value|
audit_log_user table stores account data and has the following column definitions:
|USER||The account name of the user|
|HOST||The account name of the host|
|FILTERNAME||The account filter name|