[#MDEV-15428] Allow to filter audit events by "progname"; or even by arbitrary connection attribute, in addition to user name

[MDEV-15428] Allow to filter audit events by "progname"; or even by arbitrary connection attribute, in addition to user name Created: 2018-02-27 Updated: 2023-04-24
Status:	Open
Project:	MariaDB Server
Component/s:	Plugin - Audit
Fix Version/s:	None

Type:

Task

Priority:

Major

Reporter:

Hartmut Holzgraefe

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Description

This is a feature request for being able to distinguish between application and human use if a MariaDB user account can be used by both an application setup, and directly by a human using the mysql command line client.

A user may interested in only auditing manual human interaction while ignoring the automatic application use.

There are two different approaches by which a human use may be detected:

by checking for the CLIENT_INTERACTIVE flag of the connection being set
by checking to what value the "progname" attribute of the connection is being set to

E.g.:

server_audit_incl_attr=progname:mysql

server_audit_excl_attr=progname:myapplication

or even as simple as

server_audit_interactive_only=yes

Generated at Thu Feb 08 08:21:13 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-15428] Allow to filter audit events by "progname"; or even by arbitrary connection attribute, in addition to user name Created: 2018-02-27 Updated: 2023-04-24