[MDEV-17879] Add support for MariaDB audit plugin to produce JSON format Created: 2018-11-30  Updated: 2023-11-30

Status: Open
Project: MariaDB Server
Component/s: Plugin - Audit
Fix Version/s: None

Type: New Feature Priority: Major
Reporter: Nilnandan Joshi Assignee: Alexey Botchkov
Resolution: Unresolved Votes: 5
Labels: audit-plugin


 Description   

Hi Team,

Can you add a feature for the MariaDB audit plugin to produce JSON log format?
Some other competitors like MySQL Enterprise Audit Plugin and Percona
Audit Log Plugin already have this feature.
https://www.mysql.com/products/enterprise/audit.html
https://www.percona.com/doc/percona-server/5.5/management/audit_log_plugin.html

Regards,



 Comments   
Comment by Valerii Kravchuk [ 2018-11-30 ]

Additionally, make sure JSON messages are UTF8 encoded (as this is expected by many readers), no matter what charset is used on the MariaDB server side. We may have to add an option like:

server_audit_output_charset

to take this into account.

Comment by Nilnandan Joshi [ 2018-11-30 ]

Also, it would be helpful if the current CSV-type format could be changed.

The current CSV-type file format is simple, but it's still painful to parse, because
when [operation] is QUERY, [object] (== query string) can contain CSV delimiter chars (',').
Also, you have to have a special mysql/mariadb-unquote parser to parse the query string correctly.
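
Added example (not part of the comment above and not MariaDB code): one way to parse the current CSV-type line despite commas inside the QUERY [object] and re-emit it as JSON. The field order, the single-quoted [object] and its backslash escaping are assumptions about the plugin's output; the sample lines are constructed.

```python
import json
import re

# Assumed field order of the CSV-type server_audit line (not stated on this page).
FIELDS = ("timestamp", "serverhost", "username", "host", "connectionid",
          "queryid", "operation", "database", "object", "retcode")
_ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "0": "\0"}

# Constructed sample lines: a QUERY whose text contains commas and an escaped
# quote, and a CONNECT line with an empty [object].
SAMPLE_QUERY = (r"20181130 10:43:52,db1,root,localhost,37,4707,QUERY,test,"
                r"'SELECT a, b FROM t1 WHERE c = \'x,y\'',0")
SAMPLE_CONNECT = "20181130 10:43:50,db1,root,localhost,37,0,CONNECT,test,,0"


def unquote(obj):
    """Drop the surrounding single quotes and undo backslash escapes (assumed)."""
    if len(obj) >= 2 and obj[0] == "'" and obj[-1] == "'":
        obj = obj[1:-1]
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)),
                  obj, flags=re.S)


def parse_audit_line(line):
    """Parse one line without splitting on commas that belong to [object]."""
    line = line.rstrip("\r\n")
    head = line.split(",", 8)  # 8 leading fields; the rest is object + retcode
    if len(head) != 9:
        raise ValueError("too few fields: %r" % line)
    obj, sep, retcode = head[8].rpartition(",")  # retcode is always last
    if not sep or not retcode.lstrip("-").isdigit():
        raise ValueError("missing retcode: %r" % line)
    return dict(zip(FIELDS, head[:8] + [unquote(obj), int(retcode)]))


def to_json(record):
    """Serialize one record; ensure_ascii=False keeps query text as real
    characters so the caller can write the log as UTF-8."""
    return json.dumps(record, ensure_ascii=False)


if __name__ == "__main__":
    for sample in (SAMPLE_QUERY, SAMPLE_CONNECT):
        print(to_json(parse_audit_line(sample)))
```

The left-hand split assumes the eight leading fields contain no commas; a user or database name with a comma would still mis-split, which is the ambiguity a JSON format removes.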

Comment by akrus [ 2019-05-03 ]

Would be nice to have this feature.

Comment by Alexey Botchkov [ 2023-06-14 ]

We have two existing JSON formats - the MySQL format and the Percona one.
https://docs.percona.com/percona-server/8.0/management/audit_log_plugin.html#audit_log_buffer_size_overflow

https://dev.mysql.com/doc/refman/8.0/en/audit-log-file-formats.html#audit-log-file-json-format

Along with the request about CSV, I'd propose to make the formats flexible - add variables to specify the list of columns (for CSV) and keys (for JSON) that appear in the log. Excluding data that is not needed can save space, and we can also provide additional information that is not shown in those Oracle/Percona logs.

Comment by Michael Widenius [ 2023-06-15 ]

It would be good to have a format similar to Percona server's, as this would allow easier usage with their PMM monitor:

Here is an example of one of their records:

{
  "audit_record": {
    "name": "Query",
    "record": "4707_2014-08-27T10:43:52",
    "timestamp": "2014-08-27T10:44:19 UTC",
    "command_class": "show_databases",
    "connection_id": "37",
    "status": 0,
    "sqltext": "show databases",
    "user": "root[root] @ localhost []",
    "host": "localhost",
    "os_user": "",
    "ip": ""
  }
}

Comment by Sergei Golubchik [ 2023-06-17 ]

holyfoot, if it's flexible, how would you let the user define the format? In what way? Using what syntax?
