Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11109

Make server_audit_excl_users have effect on connection logging

Details

    Description

      Simple test

      INSTALL PLUGIN server_audit SONAME 'server_audit';
      set global server_audit_logging=1;
      set global server_audit_events=connect;
      set global server_audit_excl_users=root;

      Login/out

      Connections are still logged:
      20161023 11:52:40,thinkpad,root,localhost,8,13,QUERY,,'set global server_audit_logging=1',0
      20161023 11:53:05,thinkpad,root,localhost,8,0,DISCONNECT,,,0
      20161023 11:53:09,thinkpad,root,localhost,9,0,CONNECT,,,0
      20161023 11:53:10,thinkpad,root,localhost,9,0,DISCONNECT,,,0
      20161023 11:53:46,thinkpad,root,localhost,10,0,CONNECT,,,0
      20161023 11:54:12,thinkpad,root,localhost,10,0,DISCONNECT,,,0
      20161023 11:54:15,thinkpad,root,localhost,11,0,CONNECT,,,0
      20161023 11:54:17,thinkpad,root,localhost,11,0,DISCONNECT,,,0

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-5983 Auditing plugin v2.0

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            elenst Elena Stepanova added a comment -

            It seems to be intentional:
            https://mariadb.com/kb/en/mariadb/server_audit-system-variables/#server_audit_excl_users

            server_audit_excl_users

            Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged.

            Do you want to make a request to change this behavior?

            elenst Elena Stepanova added a comment - It seems to be intentional: https://mariadb.com/kb/en/mariadb/server_audit-system-variables/#server_audit_excl_users server_audit_excl_users Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged. Do you want to make a request to change this behavior?
            tanj Guillaume Lefranc added a comment -

            Duh, I read the description of the variable two times and completely missed out on that...
            I think a feature request would be great, it's a hassle to log all connections from applicative users, for example.
            The use case is obvious where I'd like to log only human initiated logins.
            I'm not sure if it has been left out because the implementation was difficult or otherwise. If you can reach out to Alexey please let me know what he says!

            tanj Guillaume Lefranc added a comment - Duh, I read the description of the variable two times and completely missed out on that... I think a feature request would be great, it's a hassle to log all connections from applicative users, for example. The use case is obvious where I'd like to log only human initiated logins. I'm not sure if it has been left out because the implementation was difficult or otherwise. If you can reach out to Alexey please let me know what he says!
            elenst Elena Stepanova added a comment -

            I'll leave it to holyfoot to comment right here in the JIRA issue, I think it will be best this way.

            elenst Elena Stepanova added a comment - I'll leave it to holyfoot to comment right here in the JIRA issue, I think it will be best this way.
            ralf.gebhardt Ralf Gebhardt added a comment -

            Removed fixVersion 10.4 as we will get Audit Plugin 2.0 there. Filtering will be implemented differently then, see MDEV-5983

            ralf.gebhardt Ralf Gebhardt added a comment - Removed fixVersion 10.4 as we will get Audit Plugin 2.0 there. Filtering will be implemented differently then, see MDEV-5983
            ralf.gebhardt Ralf Gebhardt added a comment -

            Documented behavior
            https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/#logging-connect-events

            ralf.gebhardt Ralf Gebhardt added a comment - Documented behavior https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/#logging-connect-events

            People

              Unassigned Unassigned
              tanj Guillaume Lefranc
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.