Skip to content
logo
Percona Server for MySQL
Filter the Audit Log Filter logs
Initializing search
    percona/psmysql-docs
    percona/psmysql-docs
    • Home
      • Release notes index
      • Percona Server for MySQL 8.0.34-26 (2023-09-26)
      • Percona Server for MySQL 8.0.33-25 Update (2023-08-02)
      • Percona Server for MySQL 8.0.33-25 (2023-06-15)
      • Percona Server for MySQL 8.0.32-24 (2023-03-20)
      • Percona Server for MySQL 8.0.31-23 (2023-02-09)
        • Percona Server for MySQL 8.0.30-22 Update (2022-11-21)
        • Percona Server for MySQL 8.0.30-22 (2022-11-21)
        • Percona Server for MySQL 8.0.29-21 (2022-08-08)
        • Percona Server for MySQL 8.0.28-20 (2022-06-20)
        • Percona Server for MySQL 8.0.28-19 (2022-05-12)
        • Percona Server for MySQL 8.0.27-18 (2022-03-02)
        • Percona Server for MySQL 8.0.26-17 (2022-01-26)
        • Percona Server for MySQL 8.0.26-16 (2021-10-20)
        • Percona Server for MySQL 8.0.25-15 (2021-07-13)
        • Percona Server for MySQL 8.0.23-14 (2021-05-12)
        • Percona Server for MySQL 8.0.22-13 (2020-12-14)
        • Percona Server for MySQL 8.0.21-12 (2020-10-13)
        • Percona Server for MySQL 8.0.20-11 (2020-07-21)
        • Percona Server for MySQL 8.0.19-10 (2020-03-23)
        • Percona Server for MySQL 8.0.18-9
        • Percona Server for MySQL 8.0.17-8
        • Percona Server for MySQL 8.0.16-7
        • Percona Server for MySQL 8.0.15-6
        • Percona Server for MySQL 8.0.15-5
        • Percona Server for MySQL 8.0.14
        • Percona Server for MySQL 8.0.13-4
        • Percona Server for MySQL 8.0.13-3
        • Percona Server for MySQL 8.0.12-2rc1
      • Adaptive network buffers
        • Audit Log Filter overview
        • Install the Audit Log Filter
          • Overview
          • XML (New style)
          • XML (Old style)
          • JSON
        • Audit Log Filter security
        • Audit Log Filter compression and encryption
        • Reading Audit Log Filter files
        • Manage the Audit Log Filter files
        • Filter the Audit Log Filter logs
          • Audit Log Filter functions
          • Constraints
          • Using the audit log filter functions
        • Audit Log Filter restrictions
        • Audit Log Filter file naming conventions
        • Disable Audit Log Filter logging
        • Audit log filter functions, options and variables
        • Uninstall Audit Log Filter
      • Limiting the disk space used by binary log files
      • Extended mysqlbinlog
      • Extended SELECT INTO OUTFILE/DUMPFILE
      • Expanded fast index creation
      • Kill idle transactions
      • The ProcFS plugin
      • Support for PROXY protocol
      • SEQUENCE_TABLE(n) function
      • Slow query log rotation and expiration
      • Thread pool
      • Trigger updates
      • Percona Toolkit UDFs
      • Utility user
      • Quickstart guide for Percona Server for MySQL
      • Install Percona Server for MySQL from repositories
        • Percona Product Download Instructions
        • Use APT repositories
        • Files in DEB package
        • Build APT packages
        • Downloaded DEB packages
        • Apt pinning
        • Run Percona Server for MySQL
        • Uninstall
        • Use RPM repositories
        • Files in RPM package
        • Downloaded RPM packages
        • Run Percona Server for MySQL
        • Uninstall
        • Install with binary tarballs
        • Binary tarballs available
        • Install Percona Server for MySQL from a source tarball
        • Compile Percona Server for MySQL 8.0 from source
        • Install using Docker
        • Docker environment variables
      • Upgrade from 5.7 to 8.0 overview
      • Plan an upgrade
      • Upgrade strategies
        • General changes
        • InnoDB changes
        • Security & account management changes in MySQL 8.0
        • Deprecated in MySQL 8.0
        • Removed in MySQL 8.0
      • Percona Tools that can help with an upgrade
      • Percona Server for MySQL in-place upgrade guide: from 5.7 to 8.0
      • Upgrade by migrating from one environment to another
      • Upgrade using the Percona repositories
      • Upgrade from systems that use the MyRocks or TokuDB storage engine and partitioned tables
      • Upgrade using Standalone Packages
      • Downgrade Percona Server for MySQL
      • Working with AppArmor
      • Binary logs and replication improvements
      • Post-installation
      • Working with SELinux
      • Extended SHOW GRANTS
      • UNINSTALL COMPONENT
      • Backup and restore overview
      • Backup locks
      • Extended mysqldump
      • Start transaction with consistent snapshot
        • Using LDAP authentication plugins
        • LDAP authentication plugin system variables
        • Data masking overview
        • Compare the data masking component to the data masking plugin
          • Install the data masking component
          • Data masking component functions
          • Uninstall the data masking component
          • Install and remove the data masking plugin
          • Data masking plugin functions
      • FIDO authentication plugin
      • Encryption functions
      • PAM authentication plugin
      • SSL improvements
      • The secure_log_path variable
        • Data at Rest Encryption
        • Use the keyring component or keyring plugin
          • Using the Key Management Interoperability Protocol (KMIP)
          • Use the Amazon Key Management Service (AWS KMS)
          • Encrypt File-Per-Table Tablespace
          • Encrypt schema or general tablespace
          • Encrypt system tablespace
          • Encrypt temporary files
          • Encrypt Binary Log Files and Relay Log Files
          • Encrypting the Redo Log data
          • Encrypt the undo tablespace
          • Rotate the master key
          • Advanced encryption key rotation
          • Encrypt doublewrite buffers
          • Verify the encryption for tables, tablespaces, and schemas
      • Manage group replication flow control
      • Group replication system variables
      • Audit log plugin
      • Jemalloc memory allocation profiling
      • Misc. INFORMATION_SCHEMA tables
      • Process list
      • Slow query log
      • User statistics
      • Use Percona Monitoring and Management (PMM) Advisors
      • Handle corrupted tables
      • Libcoredumper
      • Too many connections warning
      • Stacktrace
      • Thread based profiling
        • Multiple page asynchronous I/O requests
        • XtraDB changed page tracking
        • Compressed columns with dictionaries
        • Enforcing storage engine
        • Improved MEMORY storage engine
        • InnoDB page fragmentation counters
        • InnoDB full-text search improvements
        • Improved InnoDB I/O scalability
        • Extended show engine InnoDB status
        • The Percona XtraDB storage engine
        • Prefix index queries optimization
        • Limit the estimation of records in a Query
        • Show storage engines
        • XtraDB performance improvements for I/O-bound highly-concurrent workloads
        • Percona MyRocks introduction
        • Percona MyRocks installation guide
        • Updated supported features
        • MyRocks limitations
        • Differences between Percona MyRocks and Facebook MyRocks
        • MyRocks column families
        • Performance Schema MyRocks changes
        • MyRocks Information Schema tables
        • MyRocks server variables
        • MyRocks status variables
        • Gap locks detection
        • MyRocks data loading
        • Installing and configuring Percona Server for MySQL with ZenFS support
        • TokuDB introduction
        • Get started with TokuDB
        • TokuDB installation
        • Use TokuDB
        • Fast updates with TokuDB
        • TokuDB files and file types
        • TokuDB file management
        • TokuDB background ANALYZE TABLE
        • TokuDB variables
        • TokuDB status variables
        • TokuDB fractal tree indexing
        • TokuDB troubleshooting
        • TokuDB Performance Schema integration
        • TokuDB frequently asked questions
        • Migrate and remove the TokuDB storage engine
        • Percona TokuBackup
      • Topic index
      • Reserved keywords
      • List of variables introduced in Percona Server for MySQL 8.0
      • List of features available in Percona Server for MySQL releases
      • Percona Server for MySQL feature comparison
      • Understand version numbers
      • Development of Percona Server for MySQL
      • Trademark policy
      • Index of INFORMATION_SCHEMA tables
      • Frequently asked questions
      • Copyright and licensing information
      • Glossary

    • Audit Log Filter functions
    • Constraints
    • Using the audit log filter functions

    Filter the Audit Log Filter logs¶

    The feature is in tech preview.

    The audit filter log filtering is based on rules. The filter rule definition has the ability to include or exclude events based on the following attributes:

    • User account
    • Audit event class
    • Audit event subclass
    • Audit event fields (for example, COMMAND_CLASS or STATUS)

    You can define multiple filters and assign any filter to multiple accounts. You can also create a default filter for specific user accounts. The filters are defined using function calls. After the filter is defined, the filter is stored in mysql system tables.

    Audit Log Filter functions¶

    The Audit Log filter functions require AUDIT_ADMIN or SUPER privilege.

    The following functions are used for rule-based filtering:

    Function Description Example
    audit_log_filter_flush() Manually flush the filter tables SELECT audit_log_filter_flush()
    audit_log_filter_set_filter() Defines a filter SELECT audit_log_filter_set_filter('log_connections','{ "filter":{}}'’)
    audit_log_filter_remove_filter() Removes a filter
    audit_log_filter_set_user() Assigns a filter to a specific user account
    audit_log_filter_remove_user() Removes the filters from a specific user account

    Using a SQL interface, you can define, display, or modify audit log filters. The filters are stored in the mysql system database.

    A read-only variable, audit_log_filter_id, signals if a filter is assigned to a specific session.

    Filter definitions are JSON values.

    The function, audit_log_filter_flush(), forces reloading all filters and should only be invoked when modifying the audit tables. This function affects all users. Users in current sessions must either execute change-user or disconnect and reconnect.

    Constraints¶

    The audit_log_filter plugin must be enabled and the audit tables must exist to use the audit log filter functions. The user account must have the required privileges.

    Using the audit log filter functions¶

    With a new connection, the audit log filter plugin finds the user account name in the filter assignments. If a filter has been assigned, the plugin uses that filter. If no filter has been assigned, but there is a default account filter, the plugin uses that filter. If there is no filter assigned, and there is no default account filter, then the plugin does not process any event.

    The default account is represented by % as the account name.

    You can assign filters to a specific user account or disassociate a user account from a filter. To disassociate a user account, either unassign a filter or assign a different filter. If you remove a filter, that filter is unassigned from all users, including current users in current sessions.

    Contact us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.


    Last update: 2023-09-26
    Percona LLC and/or its affiliates, © 2023
    Made with Material for MkDocs

    Cookie consent

    We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better. Read more about Percona Cookie Policy.