
I tried the MariaDB audit plug-in in MySQL using the reference (https://mariadb.com/blog/activating-auditing-mariadb-and-mysql-5-minutes).

I didn't see an option to dump the audit log into a database table, and I am looking to try some workaround to achieve this.

Option #1 - Write shell scripts, invoked by a cron job, to dump the audit log into a table with the appropriate structure (Timestamp, Server-Host, User, Client-Host, Connection-ID, Query-ID, Operation, Database, Table, Error-Code). It should have the capability to load only the fresh audit log (server_audit.log.xx) to avoid duplicate data in the database table. It also requires two steps (Step #1 - the audit plug-in dumps audit logs into a flat file, Step #2 - the shell script dumps audit logs into the database table from the flat file), which is not an effective approach.

Option #2 - An additional extension on server_audit.so which provides functionality to dump audit data directly into a table.

I didn't get the source code for server_audit.so. The MariaDB audit plug-in being free software, is it fair enough to try to get the source code of server_audit.so? Has anybody tried to override logging audit data into a flat file and log audit data directly into a database table?

Suresh Gautam
  • 1
    You can always change the open source. However I would keep audit data separated from my main database for security and accessibility reasons. If it gets back into the database which is being audited (for whatever reason), it might be vulnerable to changes. – Norbert Jul 19 '15 at 05:04
  • @Norbert - I really appreciate the prompt response. You are absolutely right in terms of security and accessibility, but getting audit data in a table can provide an advantage for analyzing and producing summary reports like - Report1 - Source IP|First_Connection_DateTime|Last_Connection_DateTime|NumberOfConnections, Report2 - Source IP|username|Date_Time|DML_DDL_Query – Suresh Gautam Jul 19 '15 at 05:11
  • 1
    I agree with that: So I would use a log parser and dump it in a separate database engine (so different instance/different server). That is probably easier to do than adjusting the audit plugin. – Norbert Jul 19 '15 at 05:14
  • @Norbert - Agree with the option of dumping the audit log into a flat file and importing the audit log into a table on a different database server. Next, I am looking to override the original functionality of the .so file. – Suresh Gautam Jul 19 '15 at 05:17
  • 1
    Assuming you are running a UNIX-style database server: You really do not have to. You can attach a listener process to the log file which just processes the rows as they come in (near real time) (going offline: Google for tail -F {filename} | somelogparser on how to get this started). – Norbert Jul 19 '15 at 05:22
  • Yes, I am using a *NIX-style server environment. Oh yes, it could be one approach to achieve the objective. Thanks. – Suresh Gautam Jul 19 '15 at 05:31

0 Answers
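The `tail -F {filename} | somelogparser` approach from the comments, sketched as an added example that is not part of the original thread: a parser for the ten fields listed in the question that loads rows into a separate store, skips lines it has already seen, and produces Report1. Assumptions: the audit line is comma-separated in the question's field order with the query text last but one, SQLite stands in for the separate database instance, and a hash of the raw line is used as the duplicate key.

```python
import hashlib
import sqlite3
import sys

# Field order follows the question's list; the comma-separated layout is an assumption.
FIELDS = ("ts", "server_host", "username", "client_host", "connection_id",
          "query_id", "operation", "db", "obj", "error_code")
SAMPLE = [  # constructed sample lines, not from a real server
    "20150719 05:04:00,dbhost,app,10.0.0.5,7,0,CONNECT,shop,,0",
    "20150719 05:04:02,dbhost,app,10.0.0.5,7,41,QUERY,shop,'SELECT id, name FROM items',0",
    "20150719 05:09:30,dbhost,app,10.0.0.5,8,0,CONNECT,shop,,0",
    "truncated or garbage line",
]

def parse_line(line):
    """Return the ten fields as a dict, or None for a malformed line."""
    head = line.rstrip("\r\n").split(",", 8)   # first 8 fields assumed comma-free
    if len(head) != 9 or "," not in head[8]:
        return None
    obj, _, err = head[8].rpartition(",")      # query text may contain commas
    numeric = head[4].isdigit() and head[5].isdigit() and err.isdigit()
    return dict(zip(FIELDS, head[:8] + [obj, err])) if numeric else None

def open_store(path=":memory:"):  # SQLite stands in for the separate audit database
    con = sqlite3.connect(path)
    cols = ", ".join(f"{f} TEXT" for f in FIELDS)
    con.execute(f"CREATE TABLE IF NOT EXISTS audit (line_hash TEXT PRIMARY KEY, {cols})")
    return con

def ingest(con, lines):
    """Insert parsed lines; a line already stored is ignored. Returns rows added."""
    before = con.total_changes
    for raw in lines:
        rec = parse_line(raw)
        if rec is not None:
            key = hashlib.sha256(raw.rstrip("\r\n").encode()).hexdigest()
            con.execute("INSERT OR IGNORE INTO audit VALUES (?" + ",?" * len(FIELDS) + ")",
                        [key] + [rec[f] for f in FIELDS])
            con.commit()  # per-row commit so a tail -F feed is stored as it arrives
    return con.total_changes - before

def connection_report(con):
    """Report1 from the comments: source IP, first/last connection, count."""
    return con.execute(
        "SELECT client_host, MIN(ts), MAX(ts), COUNT(*) FROM audit "
        "WHERE operation = 'CONNECT' GROUP BY client_host").fetchall()

if __name__ == "__main__":  # tail -F server_audit.log | python3 audit_loader.py audit.db
    con = open_store(sys.argv[1] if len(sys.argv) > 1 else ":memory:")
    print(ingest(con, sys.stdin if len(sys.argv) > 1 else SAMPLE), connection_report(con))
```

The script name `audit_loader.py` and the `audit.db` path are placeholders; run without arguments it loads the constructed sample lines instead of reading standard input.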