I have configured the Audit plugin as:
plugin-load-add = server_audit
server_audit_logging = ON
server_audit_events = QUERY_DML
server_audit_output_type = FILE
server_audit_file_path = /path/to/audit.log
server_audit_query_log_limit = 1048576
server_audit_file_rotate_size = 1073741824
server_audit_file_rotations = 1
Based on the docs, "QUERY_DML" should mean:
Same as QUERY, but filters only DML-type queries (DO, CALL, LOAD DATA/XML, DELETE, INSERT, UPDATE, HANDLER and REPLACE statements)
However, in the created log file, together with expected INSERTs, UPDATEs and DELETEs, I also find all SELECTs are logged.
Based on the description, SELECTs should not appear in the log with this config, or perhaps the description is wrong.