[MDEV-5681] audit log will not rotate when the file size exceeds global variable setting - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.5.37, 10.0.10
Component/s: None
Labels:
- plugins
- server_audit
Environment:
RHEL 6.5, MariaDB 5.5.32, x86_64, server_audit-1.1.3

Description

audit log will not rotate when the file size exceeds global variable setting

Setting server_audit_file_rotate_now = ON does work though.

To reproduce, try setting server_audit_events = 'connect' and server_audit_file_rotate_size = 1000. Then connect with a bad password about 20 times:

for i in {1..20}; do mysql -ufail -pfail; done

Notice that the server_audit.log file does not rotate even though its size is 2700 bytes when the rotate size is 1000 bytes.

Same can be said about 2 more variables:
server_audit_file_rotations
server_audit_syslog_ident

We should fix them alltogether.

Attachments

Activity

Ascending order - Click to sort in descending order

Adam C. Scott added a comment - 2014-02-25 20:09 - edited

After stepping through the debugger, the "bug" is that the server_audit_file_rotate_size will not take effect until after the log is closed and opened which can be achieved by:
set global server_audit_logging=OFF;
set global server_audit_logging=ON;

So this can provide a work around. In other words, after changing the server_audit_file_rotate_size, set logging off and then back on for the size to take effect.

Probably the best approach is to update this line in server_audit.c

static MYSQL_SYSVAR_ULONGLONG(file_rotate_size, file_rotate_size,

       PLUGIN_VAR_RQCMDARG, "Maximum size of the log to start the rotation.",

       NULL, NULL,

       1000000, 100, ((long long) 0x7FFFFFFFFFFFFFFFLL), 1);

and set the second NULL to a function that updates the global variable logfile in server_audit.c setting logfile->sizelimit = file_rotate_size

Adam C. Scott added a comment - 2014-02-25 20:09 - edited After stepping through the debugger, the "bug" is that the server_audit_file_rotate_size will not take effect until after the log is closed and opened which can be achieved by: set global server_audit_logging=OFF; set global server_audit_logging=ON; So this can provide a work around. In other words, after changing the server_audit_file_rotate_size, set logging off and then back on for the size to take effect. Probably the best approach is to update this line in server_audit.c static MYSQL_SYSVAR_ULONGLONG(file_rotate_size, file_rotate_size, PLUGIN_VAR_RQCMDARG, "Maximum size of the log to start the rotation.", NULL, NULL, 1000000, 100, ((long long) 0x7FFFFFFFFFFFFFFFLL), 1); and set the second NULL to a function that updates the global variable logfile in server_audit.c setting logfile->sizelimit = file_rotate_size

Alexey Botchkov added a comment - 2014-03-14 15:25

Fixing patch:
http://lists.askmonty.org/pipermail/commits/2014-March/006008.html

Alexey Botchkov added a comment - 2014-03-14 15:25 Fixing patch: http://lists.askmonty.org/pipermail/commits/2014-March/006008.html

People

Assignee:: Alexey Botchkov

Reporter:: Adam C. Scott

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2014-02-15 00:19

Updated:: 2014-03-17 18:28

Resolved:: 2014-03-17 18:28

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server