Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 35.1Mb
PDF (A4) - 35.2Mb
Man Pages (TGZ) - 256.4Kb
Man Pages (Zip) - 361.2Kb
Info (Gzip) - 3.4Mb
Info (Zip) - 3.4Mb
Excerpts from this Manual

MySQL 5.7 Reference Manual  / ...  / Security  / Security Plugins  / MySQL Enterprise Audit  /  Audit Log Reference

6.4.5.11 Audit Log Reference

The following sections provide a reference to MySQL Enterprise Audit elements:

To install the audit log tables and functions, use the instructions provided inSection 6.4.5.2, “Installing or Uninstalling MySQL Enterprise Audit”. Unless those objects are installed, theaudit_log plugin operates in legacy mode. SeeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”.

Audit Log Tables

MySQL Enterprise Audit uses tables in themysql system database for persistent storage of filter and user account data. The tables can be accessed only by users who have privileges for that database. The tables use theInnoDB storage engine (MyISAM prior to MySQL 5.7.21).

If these tables are missing, theaudit_log plugin operates in legacy mode. SeeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”.

Theaudit_log_filter table stores filter definitions. The table has these columns:

  • NAME

    The filter name.

  • FILTER

    The filter definition associated with the filter name. Definitions are stored asJSON values.

Theaudit_log_user table stores user account information. The table has these columns:

  • USER

    The user name part of an account. For an accountuser1@localhost, theUSER part isuser1.

  • HOST

    The host name part of an account. For an accountuser1@localhost, theHOST part islocalhost.

  • FILTERNAME

    The name of the filter assigned to the account. The filter name associates the account with a filter defined in theaudit_log_filter table.

Audit Log Functions

This section describes, for each audit log function, its purpose, calling sequence, and return value. For information about the conditions under which these functions can be invoked, seeSection 6.4.5.7, “Audit Log Filtering”.

Each audit log function returns a string that indicates whether the operation succeeded.OK indicates success.ERROR:message indicates failure.

Audit log functions treat string arguments as binary strings (which means they do not distinguish lettercase), and string return values are binary strings.

If an audit log function is invoked from within themysql client, binary string results display using hexadecimal notation, depending on the value of the--binary-as-hex. For more information about that option, seeSection 4.5.1, “mysql — The MySQL Command-Line Client”.

These audit log functions are available:

  • audit_log_encryption_password_get()

    Retrieves the current audit log encryption password as a binary string. The password is fetched from the MySQL keyring, which must be enabled or an error occurs. Any keyring plugin can be used; for instructions, seeSection 6.4.4, “The MySQL Keyring”.

    For additional information about audit log encryption, seeEncrypting Audit Log Files.

    Arguments:

    None.

    Return value:

    The password string for success (up to 766 bytes), orNULL and an error for failure.

    Example:

    mysql> SELECT audit_log_encryption_password_get();+-------------------------------------+| audit_log_encryption_password_get() |+-------------------------------------+| secret                              |+-------------------------------------+

  • audit_log_encryption_password_set(password)

    Sets the audit log encryption password to the argument, stores the password in the MySQL keyring. If encryption is enabled, the function performs a log file rotation operation that renames the current log file, and begins a new log file encrypted with the password. The keyring must be enabled or an error occurs. Any keyring plugin can be used; for instructions, seeSection 6.4.4, “The MySQL Keyring”.

    For additional information about audit log encryption, seeEncrypting Audit Log Files.

    Arguments:

    password: The password string. The maximum permitted length is 766 bytes.

    Return value:

    1 for success, 0 for failure.

    Example:

    mysql> SELECT audit_log_encryption_password_set(password);+---------------------------------------------+| audit_log_encryption_password_set(password) |+---------------------------------------------+| 1                                           |+---------------------------------------------+

  • audit_log_filter_flush()

    Calling any of the other filtering functions affects operational audit log filtering immediately and updates the audit log tables. If instead you modify the contents of those tables directly using statements such asINSERT,UPDATE, andDELETE, the changes do not affect filtering immediately. To flush your changes and make them operational, callaudit_log_filter_flush().

    Warning

    audit_log_filter_flush() should be used only after modifying the audit tables directly, to force reloading all filters. Otherwise, this function should be avoided. It is, in effect, a simplified version of unloading and reloading theaudit_log plugin withUNINSTALL PLUGIN plusINSTALL PLUGIN.

    audit_log_filter_flush() affects all current sessions and detaches them from their previous filters. Current sessions are no longer logged unless they disconnect and reconnect, or execute a change-user operation.

    If this function fails, an error message is returned and the audit log is disabled until the next successful call toaudit_log_filter_flush().

    Arguments:

    None.

    Return value:

    A string that indicates whether the operation succeeded.OK indicates success.ERROR:message indicates failure.

    Example:

    mysql> SELECT audit_log_filter_flush();+--------------------------+| audit_log_filter_flush() |+--------------------------+| OK                       |+--------------------------+

  • audit_log_filter_remove_filter(filter_name)

    Given a filter name, removes the filter from the current set of filters. It is not an error for the filter not to exist.

    If a removed filter is assigned to any user accounts, those users stop being filtered (they are removed from theaudit_log_user table). Termination of filtering includes any current sessions for those users: They are detached from the filter and no longer logged.

    Arguments:

    • filter_name: A string that specifies the filter name.

    Return value:

    A string that indicates whether the operation succeeded.OK indicates success.ERROR:message indicates failure.

    Example:

    mysql> SELECT audit_log_filter_remove_filter('SomeFilter');+----------------------------------------------+| audit_log_filter_remove_filter('SomeFilter') |+----------------------------------------------+| OK                                           |+----------------------------------------------+

  • audit_log_filter_remove_user(user_name)

    Given a user account name, cause the user to be no longer assigned to a filter. It is not an error if the user has no filter assigned. Filtering of current sessions for the user remains unaffected. New connections for the user are filtered using the default account filter if there is one, and are not logged otherwise.

    If the name is%, the function removes the default account filter that is used for any user account that has no explicitly assigned filter.

    Arguments:

    • user_name: The user account name as a string inuser_name@host_name format, or% to represent the default account.

    Return value:

    A string that indicates whether the operation succeeded.OK indicates success.ERROR:message indicates failure.

    Example:

    mysql> SELECT audit_log_filter_remove_user('user1@localhost');+-------------------------------------------------+| audit_log_filter_remove_user('user1@localhost') |+-------------------------------------------------+| OK                                              |+-------------------------------------------------+

  • audit_log_filter_set_filter(filter_name,definition)

    Given a filter name and definition, adds the filter to the current set of filters. If the filter already exists and is used by any current sessions, those sessions are detached from the filter and are no longer logged. This occurs because the new filter definition has a new filter ID that differs from its previous ID.

    Arguments:

    • filter_name: A string that specifies the filter name.

    • definition: AJSON value that specifies the filter definition.

    Return value:

    A string that indicates whether the operation succeeded.OK indicates success.ERROR:message indicates failure.

    Example:

    mysql> SET @f = '{ "filter": { "log": false } }';mysql> SELECT audit_log_filter_set_filter('SomeFilter', @f);+-----------------------------------------------+| audit_log_filter_set_filter('SomeFilter', @f) |+-----------------------------------------------+| OK                                            |+-----------------------------------------------+

  • audit_log_filter_set_user(user_name,filter_name)

    Given a user account name and a filter name, assigns the filter to the user. A user can be assigned only one filter, so if the user was already assigned a filter, the assignment is replaced. Filtering of current sessions for the user remains unaffected. New connections are filtered using the new filter.

    As a special case, the name% represents the default account. The filter is used for connections from any user account that has no explicitly assigned filter.

    Arguments:

    • user_name: The user account name as a string inuser_name@host_name format, or% to represent the default account.

    • filter_name: A string that specifies the filter name.

    Return value:

    A string that indicates whether the operation succeeded.OK indicates success.ERROR:message indicates failure.

    Example:

    mysql> SELECT audit_log_filter_set_user('user1@localhost', 'SomeFilter');+------------------------------------------------------------+| audit_log_filter_set_user('user1@localhost', 'SomeFilter') |+------------------------------------------------------------+| OK                                                         |+------------------------------------------------------------+

  • audit_log_read([arg])

    Reads the audit log and returns a binaryJSON string result. If the audit log format is notJSON, an error occurs.

    With no argument or aJSON hash argument,audit_log_read() reads events from the audit log and returns aJSON string containing an array of audit events. Items in the hash argument influence how reading occurs, as described later. Each element in the returned array is an event represented as aJSON hash, with the exception that the last element may be aJSONnull value to indicate no following events are available to read.

    With an argument consisting of aJSONnull value,audit_log_read() closes the current read sequence.

    For additional details about the audit log-reading process, seeSection 6.4.5.6, “Reading Audit Log Files”.

    Arguments:

    arg: The argument is optional. If omitted, the function reads events from the current position. If present, the argument can be aJSONnull value to close the read sequence, or aJSON hash. Within a hash argument, items are optional and control aspects of the read operation such as the position at which to begin reading or how many events to read. The following items are significant (other items are ignored):

    • timestamp,id: The position within the audit log of the first event to read. If the position is omitted from the argument, reading continues from the current position. Thetimestamp andid items together comprise a bookmark that uniquely identify a particular event. If anaudit_log_read() argument includes either item, it must include both to completely specify a position or an error occurs.

      To obtain a bookmark for the most recently written event, callaudit_log_read_bookmark().

    • max_array_length: The maximum number of events to read from the log. If this item is omitted, the default is to read to the end of the log or until the read buffer is full, whichever comes first.

    Return value:

    If the call succeeds, the return value is a binaryJSON string containing an array of audit events, or aJSONnull value if that was passed as the argument to close the read sequence. If the call fails, the return value isNULL and an error occurs.

    Example:

    mysql> SELECT audit_log_read(audit_log_read_bookmark());+-----------------------------------------------------------------------+| audit_log_read(audit_log_read_bookmark())                             |+-----------------------------------------------------------------------+| [ {"timestamp":"2020-05-18 22:41:24","id":0,"class":"connection", ... |+-----------------------------------------------------------------------+mysql> SELECT audit_log_read('null');+------------------------+| audit_log_read('null') |+------------------------+| null                   |+------------------------+

  • audit_log_read_bookmark()

    Returns a binaryJSON string representing a bookmark for the most recently written audit log event. If the audit log format is notJSON, an error occurs.

    The bookmark is aJSON hash withtimestamp andid items that uniquely identify the position of an event within the audit log. It is suitable for passing toaudit_log_read() to indicate to that function the position at which to begin reading.

    For additional details about the audit log-reading process, seeSection 6.4.5.6, “Reading Audit Log Files”.

    Arguments:

    None.

    Return value:

    A binaryJSON string containing a bookmark for success, orNULL and an error for failure.

    Example:

    mysql> SELECT audit_log_read_bookmark();+-------------------------------------------------+| audit_log_read_bookmark()                       |+-------------------------------------------------+| { "timestamp": "2019-10-03 21:03:44", "id": 0 } |+-------------------------------------------------+
Audit Log Option and Variable Reference

Table 6.34 Audit Log Option and Variable Reference

NameCmd-LineOption FileSystem VarStatus VarVar ScopeDynamic
audit-logYesYes
audit_log_buffer_sizeYesYesYesGlobalNo
audit_log_compressionYesYesYesGlobalNo
audit_log_connection_policyYesYesYesGlobalYes
audit_log_current_sessionYesBothNo
Audit_log_current_sizeYesGlobalNo
audit_log_disableYesYesYesGlobalYes
audit_log_encryptionYesYesYesGlobalNo
Audit_log_event_max_drop_sizeYesGlobalNo
Audit_log_eventsYesGlobalNo
Audit_log_events_filteredYesGlobalNo
Audit_log_events_lostYesGlobalNo
Audit_log_events_writtenYesGlobalNo
audit_log_exclude_accountsYesYesYesGlobalYes
audit_log_fileYesYesYesGlobalNo
audit_log_filter_idYesBothNo
audit_log_flushYesGlobalYes
audit_log_formatYesYesYesGlobalNo
audit_log_include_accountsYesYesYesGlobalYes
audit_log_policyYesYesYesGlobalNo
audit_log_read_buffer_sizeYesYesYesVariesVaries
audit_log_rotate_on_sizeYesYesYesGlobalYes
audit_log_statement_policyYesYesYesGlobalYes
audit_log_strategyYesYesYesGlobalNo
Audit_log_total_sizeYesGlobalNo
Audit_log_write_waitsYesGlobalNo

Audit Log Options and Variables

This section describes the command options and system variables that configure operation of MySQL Enterprise Audit. If values specified at startup time are incorrect, theaudit_log plugin may fail to initialize properly and the server does not load it. In this case, the server may also produce error messages for other audit log settings because it does not recognize them.

To configure activation of the audit log plugin, use this option:

If the audit log plugin is enabled, it exposes several system variables that permit control over logging:

mysql> SHOW VARIABLES LIKE 'audit_log%';+--------------------------------------+--------------+| Variable_name                        | Value        |+--------------------------------------+--------------+| audit_log_buffer_size                | 1048576      || audit_log_compression                | NONE         || audit_log_connection_policy          | ALL          || audit_log_current_session            | OFF          || audit_log_disable                    | OFF          || audit_log_encryption                 | NONE         || audit_log_exclude_accounts           |              || audit_log_file                       | audit.log    || audit_log_filter_id                  | 0            || audit_log_flush                      | OFF          || audit_log_format                     | NEW          || audit_log_format_unix_timestamp      | OFF          || audit_log_include_accounts           |              || audit_log_policy                     | ALL          || audit_log_read_buffer_size           | 32768        || audit_log_rotate_on_size             | 0            || audit_log_statement_policy           | ALL          || audit_log_strategy                   | ASYNCHRONOUS |+--------------------------------------+--------------+

You can set any of these variables at server startup, and some of them at runtime. Those that are available only for legacy mode audit log filtering are so noted.

  • audit_log_buffer_size

    Command-Line Format--audit-log-buffer-size=#
    System Variableaudit_log_buffer_size
    ScopeGlobal
    DynamicNo
    TypeInteger
    Default Value1048576
    Minimum Value4096
    Maximum Value (64-bit platforms)18446744073709547520
    Maximum Value (32-bit platforms)4294967295
    Unitbytes
    Block Size4096

    When the audit log plugin writes events to the log asynchronously, it uses a buffer to store event contents prior to writing them. This variable controls the size of that buffer, in bytes. The server adjusts the value to a multiple of 4096. The plugin uses a single buffer, which it allocates when it initializes and removes when it terminates. The plugin allocates this buffer only if logging is asynchronous.

  • audit_log_compression

    Command-Line Format--audit-log-compression=value
    Introduced5.7.21
    System Variableaudit_log_compression
    ScopeGlobal
    DynamicNo
    TypeEnumeration
    Default ValueNONE
    Valid Values

    NONE

    GZIP

    The type of compression for the audit log file. Permitted values areNONE (no compression; the default) andGZIP (GNU Zip compression). For more information, seeCompressing Audit Log Files.

  • audit_log_connection_policy

    Command-Line Format--audit-log-connection-policy=value
    System Variableaudit_log_connection_policy
    ScopeGlobal
    DynamicYes
    TypeEnumeration
    Default ValueALL
    Valid Values

    ALL

    ERRORS

    NONE

    Note

    This variable applies only to legacy mode audit log filtering (seeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”).

    The policy controlling how the audit log plugin writes connection events to its log file. The following table shows the permitted values.

    ValueDescription
    ALLLog all connection events
    ERRORSLog only failed connection events
    NONEDo not log connection events
    Note

    At server startup, any explicit value given foraudit_log_connection_policy may be overridden ifaudit_log_policy is also specified, as described inSection 6.4.5.5, “Configuring Audit Logging Characteristics”.

  • audit_log_current_session

    System Variableaudit_log_current_session
    ScopeGlobal, Session
    DynamicNo
    TypeBoolean
    Default Valuedepends on filtering policy

    Whether audit logging is enabled for the current session. The session value of this variable is read only. It is set when the session begins based on the values of theaudit_log_include_accounts andaudit_log_exclude_accounts system variables. The audit log plugin uses the session value to determine whether to audit events for the session. (There is a global value, but the plugin does not use it.)

  • audit_log_disable

    Command-Line Format--audit-log-disable[={OFF|ON}]
    Introduced5.7.37
    System Variableaudit_log_disable
    ScopeGlobal
    DynamicYes
    TypeBoolean
    Default ValueOFF

    Permits disabling audit logging for all connecting and connected sessions. Disabling audit logging requires theSUPER privilege. SeeSection 6.4.5.9, “Disabling Audit Logging”.

  • audit_log_encryption

    Command-Line Format--audit-log-encryption=value
    Introduced5.7.21
    System Variableaudit_log_encryption
    ScopeGlobal
    DynamicNo
    TypeEnumeration
    Default ValueNONE
    Valid Values

    NONE

    AES

    The type of encryption for the audit log file. Permitted values areNONE (no encryption; the default) andAES (AES-256-CBC cipher encryption). For more information, seeEncrypting Audit Log Files.

  • audit_log_exclude_accounts

    Command-Line Format--audit-log-exclude-accounts=value
    System Variableaudit_log_exclude_accounts
    ScopeGlobal
    DynamicYes
    TypeString
    Default ValueNULL
    Note

    This variable applies only to legacy mode audit log filtering (seeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”).

    The accounts for which events should not be logged. The value should beNULL or a string containing a list of one or more comma-separated account names. For more information, seeSection 6.4.5.7, “Audit Log Filtering”.

    Modifications toaudit_log_exclude_accounts affect only connections created subsequent to the modification, not existing connections.

  • audit_log_file

    Command-Line Format--audit-log-file=file_name
    System Variableaudit_log_file
    ScopeGlobal
    DynamicNo
    TypeFile name
    Default Valueaudit.log

    The base name and suffix of the file to which the audit log plugin writes events. The default value isaudit.log, regardless of logging format. To have the name suffix correspond to the format, set the name explicitly, choosing a different suffix (for example,audit.xml for XML format,audit.json for JSON format).

    If the value ofaudit_log_file is a relative path name, the plugin interprets it relative to the data directory. If the value is a full path name, the plugin uses the value as is. A full path name may be useful if it is desirable to locate audit files on a separate file system or directory. For security reasons, write the audit log file to a directory accessible only to the MySQL server and to users with a legitimate reason to view the log.

    For details about how the audit log plugin interprets theaudit_log_file value and the rules for file renaming that occurs at plugin initialization and termination, seeNaming Conventions for Audit Log Files.

    As of MySQL 5.7.21, the audit log plugin uses the directory containing the audit log file (determined from theaudit_log_file value) as the location to search for readable audit log files. From these log files and the current file, the plugin constructs a list of the ones that are subject to use with the audit log bookmarking and reading functions. SeeSection 6.4.5.6, “Reading Audit Log Files”.

  • audit_log_filter_id

    Introduced5.7.13
    System Variableaudit_log_filter_id
    ScopeGlobal, Session
    DynamicNo
    TypeInteger
    Default Value1
    Minimum Value0
    Maximum Value4294967295

    The session value of this variable indicates the internally maintained ID of the audit filter for the current session. A value of 0 means that the session has no filter assigned.

  • audit_log_flush

    System Variableaudit_log_flush
    ScopeGlobal
    DynamicYes
    TypeBoolean
    Default ValueOFF

    Ifaudit_log_rotate_on_size is 0, automatic audit log file rotation is disabled and rotation occurs only when performed manually. In that case, enablingaudit_log_flush by setting it to 1 orON causes the audit log plugin to close and reopen its log file to flush it. (The variable value remainsOFF so that you need not disable it explicitly before enabling it again to perform another flush.) For more information, seeSection 6.4.5.5, “Configuring Audit Logging Characteristics”.

  • audit_log_format

    Command-Line Format--audit-log-format=value
    System Variableaudit_log_format
    ScopeGlobal
    DynamicNo
    TypeEnumeration
    Default ValueNEW
    Valid Values (≥ 5.7.21)

    OLD

    NEW

    JSON

    Valid Values (≤ 5.7.20)

    OLD

    NEW

    The audit log file format. Permitted values areOLD (old-style XML),NEW (new-style XML; the default), and (as of MySQL 5.7.21)JSON. For details about each format, seeSection 6.4.5.4, “Audit Log File Formats”.

    Note

    For information about issues to consider when changing the log format, seeSelecting Audit Log File Format.

  • audit_log_format_unix_timestamp

    Command-Line Format--audit-log-format-unix-timestamp[={OFF|ON}]
    Introduced5.7.35
    System Variableaudit_log_format_unix_timestamp
    ScopeGlobal
    DynamicYes
    TypeBoolean
    Default ValueOFF

    This variable applies only for JSON-format audit log output. When that is true, enabling this variable causes each log file record to include atime field. The field value is an integer that represents the UNIX timestamp value indicating the date and time when the audit event was generated.

    Changing the value of this variable at runtime causes log file rotation so that, for a given JSON-format log file, all records in the file either do or do not include thetime field.

  • audit_log_include_accounts

    Command-Line Format--audit-log-include-accounts=value
    System Variableaudit_log_include_accounts
    ScopeGlobal
    DynamicYes
    TypeString
    Default ValueNULL
    Note

    This variable applies only to legacy mode audit log filtering (seeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”).

    The accounts for which events should be logged. The value should beNULL or a string containing a list of one or more comma-separated account names. For more information, seeSection 6.4.5.7, “Audit Log Filtering”.

    Modifications toaudit_log_include_accounts affect only connections created subsequent to the modification, not existing connections.

  • audit_log_policy

    Command-Line Format--audit-log-policy=value
    System Variableaudit_log_policy
    ScopeGlobal
    DynamicNo
    TypeEnumeration
    Default ValueALL
    Valid Values

    ALL

    LOGINS

    QUERIES

    NONE

    Note

    This variable applies only to legacy mode audit log filtering (seeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”).

    The policy controlling how the audit log plugin writes events to its log file. The following table shows the permitted values.

    ValueDescription
    ALLLog all events
    LOGINSLog only login events
    QUERIESLog only query events
    NONELog nothing (disable the audit stream)

    audit_log_policy can be set only at server startup. At runtime, it is a read-only variable. Two other system variables,audit_log_connection_policy andaudit_log_statement_policy, provide finer control over logging policy and can be set either at startup or at runtime. If you useaudit_log_policy at startup instead of the other two variables, the server uses its value to set those variables. For more information about the policy variables and their interaction, seeSection 6.4.5.5, “Configuring Audit Logging Characteristics”.

  • audit_log_read_buffer_size

    Command-Line Format--audit-log-read-buffer-size=#
    Introduced5.7.21
    System Variableaudit_log_read_buffer_size
    Scope (≥ 5.7.23)Global, Session
    Scope (≤ 5.7.22)Global
    Dynamic (≥ 5.7.23)Yes
    Dynamic (≤ 5.7.22)No
    TypeInteger
    Default Value (≥ 5.7.23)32768
    Default Value (≤ 5.7.22)1048576
    Minimum Value (≥ 5.7.23)32768
    Minimum Value (≤ 5.7.22)1024
    Maximum Value4194304
    Unitbytes

    The buffer size for reading from the audit log file, in bytes. Theaudit_log_read() function reads no more than this many bytes. Log file reading is supported only for JSON log format. For more information, seeSection 6.4.5.6, “Reading Audit Log Files”.

    As of MySQL 5.7.23, this variable has a default of 32KB and can be set at runtime. Each client should set its session value ofaudit_log_read_buffer_size appropriately for its use ofaudit_log_read(). Prior to MySQL 5.7.23,audit_log_read_buffer_size has a default of 1MB, affects all clients, and can be changed only at server startup.

  • audit_log_rotate_on_size

    Command-Line Format--audit-log-rotate-on-size=#
    System Variableaudit_log_rotate_on_size
    ScopeGlobal
    DynamicYes
    TypeInteger
    Default Value0
    Minimum Value0
    Maximum Value18446744073709551615
    Unitbytes
    Block Size4096

    Ifaudit_log_rotate_on_size is 0, the audit log plugin does not perform automatic size-based log file rotation. If rotation is to occur, you must perform it manually; seeManual Audit Log File Rotation.

    Ifaudit_log_rotate_on_size is greater than 0, automatic size-based log file rotation occurs. Whenever a write to the log file causes its size to exceed theaudit_log_rotate_on_size value, the audit log plugin renames the current log file and opens a new current log file using the original name.

    If you setaudit_log_rotate_on_size to a value that is not a multiple of 4096, it is truncated to the nearest multiple. In particular, setting it to a value less than 4096 sets it to 0 and no rotation occurs, except manually.

    For more information about audit log file rotation, seeSpace Management of Audit Log Files.

  • audit_log_statement_policy

    Command-Line Format--audit-log-statement-policy=value
    System Variableaudit_log_statement_policy
    ScopeGlobal
    DynamicYes
    TypeEnumeration
    Default ValueALL
    Valid Values

    ALL

    ERRORS

    NONE

    Note

    This variable applies only to legacy mode audit log filtering (seeSection 6.4.5.10, “Legacy Mode Audit Log Filtering”).

    The policy controlling how the audit log plugin writes statement events to its log file. The following table shows the permitted values.

    ValueDescription
    ALLLog all statement events
    ERRORSLog only failed statement events
    NONEDo not log statement events
    Note

    At server startup, any explicit value given foraudit_log_statement_policy may be overridden ifaudit_log_policy is also specified, as described inSection 6.4.5.5, “Configuring Audit Logging Characteristics”.

  • audit_log_strategy

    Command-Line Format--audit-log-strategy=value
    System Variableaudit_log_strategy
    ScopeGlobal
    DynamicNo
    TypeEnumeration
    Default ValueASYNCHRONOUS
    Valid Values

    ASYNCHRONOUS

    PERFORMANCE

    SEMISYNCHRONOUS

    SYNCHRONOUS

    The logging method used by the audit log plugin. These strategy values are permitted:

    • ASYNCHRONOUS: Log asynchronously. Wait for space in the output buffer.

    • PERFORMANCE: Log asynchronously. Drop requests for which there is insufficient space in the output buffer.

    • SEMISYNCHRONOUS: Log synchronously. Permit caching by the operating system.

    • SYNCHRONOUS: Log synchronously. Callsync() after each request.

Audit Log Status Variables

If the audit log plugin is enabled, it exposes several status variables that provide operational information. These variables are available for legacy mode audit filtering and JSON mode audit filtering.