Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5983

Auditing plugin v2.0




      The set of desired features for the Auditing Plugin is big enough.
      And we need to recode the existing plugin significantly to make it all working.
      So v2.0

      Features planned to include in it:
      1. filter rules defined per user/role using a system table

      • this will make the parameters server_audit_events, server_audit_excl_users and server_audit_incl_users obsolete
      • thew default behavior without having filter rules defined will be to log all events and for all users
      • user should be user@host for different filtering per host

      2. Propagating Auditing Setting to log files
      For Auditing it is of value to know the settings an audit log is based on.
      When creating a new file, current settings should be added. A new event type could be used, like AUDIT_CONFIG and can be enabled via a system variable.

      In the same format current used for the auditing rows it could look like:

      20180307 22:57:20,,,,,,AUDIT_CONFIG,,'server_audit_syslog_priority=LOG_INFO',0

      3. Logging for changes of auditing settings
      As audit logging settings can be changed dynamically, should be possible to log changes to the audit settings itself, although events like QUERY are disabled ( a SET command used). The same format could be used as above, but just reporting the new value.

      4. Placeholders instead of the real values for Query Logging.
      That's needed usually for the security reasons. Particularly important for passwords.

      5. Log rotation based on days

      6. PRIVILEGES event type.


        Issue Links



              Unassigned Unassigned
              holyfoot Alexey Botchkov
              8 Vote for this issue
              16 Start watching this issue



                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.