Details
- Task
- Status: Closed
- Major
- Resolution: Won't Do
Description
Please add a variable to filter out CONNECT events in the Audit Plugin. Normally, we have filters for users like server_audit_excl_users and server_audit_incl_users. But CONNECT records aren't affected by these variables - they are always logged. So if the same user is specified both in incl_ and excl_ lists, they will still be logged, and there is no variable where I can specify if I don't want to capture CONNECT events for specific users.
This is the documented behavior, see https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/#excluding-or-including-users
"Note that CONNECT events are always logged for all users, regardless of these two settings. Logging is also based on username only, not the username and hostname combination that MariaDB uses to determine privileges."
See also https://mariadb.com/docs/server/security/audit/enterprise-audit/, where CONNECTs can be logged per user.
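
Since the plugin always writes CONNECT events, per-user filtering can be applied when the log is consumed instead. The following is an added example, not code from this issue or from MariaDB: it drops only successful CONNECT/DISCONNECT records for named accounts and keeps failed connects and unparseable lines. The record layout, the `QUIET_USERS` account name and the sample lines are assumptions constructed for illustration.

```python
from typing import Iterable, Iterator, Optional, Set

# Assumed file-output layout of the audit log (not stated on this page):
# timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
KEYS = ("timestamp", "serverhost", "username", "host",
        "connectionid", "queryid", "operation", "database")
SESSION_OPS = {"CONNECT", "DISCONNECT"}
QUIET_USERS: Set[str] = {"monitor"}  # hypothetical health-check account

# Constructed sample records, not taken from a real server.
SAMPLE = [
    "20240101 10:00:00,db1,monitor,10.0.0.5,29,0,CONNECT,,,0",
    "20240101 10:00:00,db1,monitor,10.0.0.5,29,171,QUERY,app,'SELECT a, b FROM t',0",
    "20240101 10:00:01,db1,monitor,10.0.0.5,29,0,DISCONNECT,,,0",
    "20240101 10:00:02,db1,monitor,203.0.113.9,30,0,FAILED_CONNECT,,,1045",
    "20240101 10:00:03,db1,alice,10.0.0.7,31,0,CONNECT,,,0",
    "truncated line",
]

def parse_record(line: str) -> Optional[dict]:
    """Parse one record; the object field may hold commas, so split from both ends."""
    head = line.rstrip("\n").split(",", 8)
    if len(head) != 9 or "," not in head[8]:
        return None  # malformed or truncated
    obj, retcode = head[8].rsplit(",", 1)
    rec = dict(zip(KEYS, head[:8]))
    rec.update(object=obj, retcode=retcode)
    return rec

def filter_log(lines: Iterable[str], quiet: Set[str] = QUIET_USERS) -> Iterator[str]:
    """Drop successful CONNECT/DISCONNECT records of quiet users; keep all else."""
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            yield line  # never discard what cannot be parsed
            continue
        routine = rec["operation"] in SESSION_OPS and rec["retcode"] == "0"
        if routine and rec["username"] in quiet:
            continue
        yield line

if __name__ == "__main__":
    for kept in filter_log(SAMPLE):
        print(kept)
```

Filtering a copy downstream leaves the server's own audit file complete, so the dropped records remain available for an investigation.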