[MDEV-7596] audit plugin - record full query / document line length / make buffer configurable Created: 2015-02-16  Updated: 2015-03-31  Resolved: 2015-03-31

Status: Closed
Project: MariaDB Server
Component/s: Plugin - Audit
Affects Version/s: 10.1.1, 5.5, 10.0
Fix Version/s: 5.5.43

Type: Bug Priority: Major
Reporter: Hans-Joachim Kliemeck Assignee: Alexey Botchkov
Resolution: Fixed Votes: 0
Labels: server_audit


 Description   

Hey,

the audit plugin "should" record every part of the query. the current implementation is using a static buffer to shorten the query part. since an audit is used to detect problems or hacking attempts, the audit plugin is unusable. the current size of the buffer is 768 and should be dynamic by default or atleast configurable.
especially on hacking attacks the last part (where clause) is modified but this part is not part of the audit line. in addition this should be added to the documentation.

https://github.com/MariaDB/server/blob/10.1/plugin/server_audit/server_audit.c#L1018

 Comments   
Comment by Elena Stepanova [ 2015-02-17 ]

holyfoot,

I remember it being discussed back in days and declared to be by design, but I cannot find any traces of it in JIRA, so maybe I'm wrong. Could you please clarify?

Comment by Hans-Joachim Kliemeck [ 2015-02-23 ]

Any progress on that issue? Would be cool to know if there will be a change on future releases.

Comment by Alexey Botchkov [ 2015-03-31 ]

Fixing patch: http://lists.askmonty.org/pipermail/commits/2015-March/007689.html
The server_audit_query_log_limit variable added to control the length of the log record.

Generated at Thu Feb 08 07:20:49 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.