[MDEV-11109] Make server_audit_excl_users have effect on connection logging Created: 2016-10-23  Updated: 2023-04-24

Status: Open
Project: MariaDB Server
Component/s: Plugin - Audit
Fix Version/s: None

Type: Task Priority: Minor
Reporter: Guillaume Lefranc Assignee: Unassigned
Resolution: Unresolved Votes: 3
Labels: community

Issue Links:
Relates
relates to MDEV-5983 Auditing plugin v2.0 Closed

 Description   

Simple test

INSTALL PLUGIN server_audit SONAME 'server_audit';
set global server_audit_logging=1;
set global server_audit_events=connect;
set global server_audit_excl_users=root;

Login/out

Connections are still logged:
20161023 11:52:40,thinkpad,root,localhost,8,13,QUERY,,'set global server_audit_logging=1',0
20161023 11:53:05,thinkpad,root,localhost,8,0,DISCONNECT,,,0
20161023 11:53:09,thinkpad,root,localhost,9,0,CONNECT,,,0
20161023 11:53:10,thinkpad,root,localhost,9,0,DISCONNECT,,,0
20161023 11:53:46,thinkpad,root,localhost,10,0,CONNECT,,,0
20161023 11:54:12,thinkpad,root,localhost,10,0,DISCONNECT,,,0
20161023 11:54:15,thinkpad,root,localhost,11,0,CONNECT,,,0
20161023 11:54:17,thinkpad,root,localhost,11,0,DISCONNECT,,,0

 Comments   
Comment by Elena Stepanova [ 2016-10-23 ]

It seems to be intentional:
https://mariadb.com/kb/en/mariadb/server_audit-system-variables/#server_audit_excl_users

server_audit_excl_users

Description: If not empty, it contains the list of users whose activity will NOT be logged. For example: SET GLOBAL server_audit_excl_users='user_foo, user_bar'. CONNECT records aren't affected by this variable - they are always logged.

Do you want to make a request to change this behavior?

Comment by Guillaume Lefranc [ 2016-10-23 ]

Duh, I read the description of the variable two times and completely missed out on that...
I think a feature request would be great, it's a hassle to log all connections from applicative users, for example.
The use case is obvious where I'd like to log only human initiated logins.
I'm not sure if it has been left out because the implementation was difficult or otherwise. If you can reach out to Alexey please let me know what he says!

Comment by Elena Stepanova [ 2016-10-23 ]

I'll leave it to holyfoot to comment right here in the JIRA issue, I think it will be best this way.

Comment by Ralf Gebhardt [ 2018-10-10 ]

Removed fixVersion 10.4 as we will get Audit Plugin 2.0 there. Filtering will be implemented differently then, see MDEV-5983

Comment by Ralf Gebhardt [ 2023-04-24 ]

Documented behavior
https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/#logging-connect-events

Generated at Thu Feb 08 07:47:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.