Rechercher dans le manuel MySQL
6.4.5.8 Legacy Mode Audit Log Filtering
This section describes legacy audit log filtering, which
applies if the audit_log
plugin is
installed but not the accompanying audit tables and UDFs
needed for rule-based filtering.
The audit log plugin can filter audited events. This enables you to control whether audited events are written to the audit log file based on the account from which events originate or event status. Status filtering occurs separately for connection events and statement events.
Event Filtering by Account
To filter audited events based on the originating account, set one of these system variables at server startup or runtime:
audit_log_include_accounts
: The accounts to include in audit logging. If this variable is set, only these accounts are audited.audit_log_exclude_accounts
: The accounts to exclude from audit logging. If this variable is set, all but these accounts are audited.
The value for either variable can be NULL
or a string containing one or more comma-separated account
names, each in
format. By default, both variables are
user_name
@host_name
NULL
, in which case, no account filtering
is done and auditing occurs for all accounts.
Modifications to
audit_log_include_accounts
or
audit_log_exclude_accounts
affect only connections created subsequent to the
modification, not existing connections.
Example: To enable audit logging only for the
user1
and user2
local
host account accounts, set the
audit_log_include_accounts
system variable like this:
Only one of
audit_log_include_accounts
or
audit_log_exclude_accounts
can be non-NULL
at a time:
If you set
audit_log_include_accounts
, the server setsaudit_log_exclude_accounts
toNULL
.If you attempt to set
audit_log_exclude_accounts
, an error occurs unlessaudit_log_include_accounts
isNULL
. In this case, you must first clearaudit_log_include_accounts
by setting it toNULL
.
- -- This sets audit_log_exclude_accounts to NULL
- -- This fails because audit_log_include_accounts is not NULL
- -- To set audit_log_exclude_accounts, first set
- -- audit_log_include_accounts to NULL
If you inspect the value of either variable, be aware that
SHOW VARIABLES
displays
NULL
as an empty string. To avoid this, use
SELECT
instead:
- +----------------------------+-------+
- +----------------------------+-------+
- | audit_log_include_accounts | |
- +----------------------------+-------+
- +------------------------------+
- | @@audit_log_include_accounts |
- +------------------------------+
- +------------------------------+
If a user name or host name requires quoting because it
contains a comma, space, or other special character, quote it
using single quotes. If the variable value itself is quoted
with single quotes, double each inner single quote or escape
it with a backslash. The following statements each enable
audit logging for the local root
account
and are equivalent, even though the quoting styles differ:
The last statement will not work if the
ANSI_QUOTES
SQL mode is enabled because in
that mode double quotes signify identifier quoting, not string
quoting.
To filter audited events based on status, set the following system variables at server startup or runtime. These variables apply only for legacy audit log filtering. For JSON audit log filtering, different status variables apply; see Audit Log Options and Variables.
audit_log_connection_policy
: Logging policy for connection eventsaudit_log_statement_policy
: Logging policy for statement events
Each variable takes a value of ALL
(log all
associated events; this is the default),
ERRORS
(log only failed events), or
NONE
(do not log events). For example, to
log all statement events but only failed connection events,
use these settings:
Another policy system variable,
audit_log_policy
, is
available but does not afford as much control as
audit_log_connection_policy
and
audit_log_statement_policy
.
It can be set only at server startup. At runtime, it is a
read-only variable. It takes a value of ALL
(log all events; this is the default),
LOGINS
(log connection events),
QUERIES
(log statement events), or
NONE
(do not log events). For any of those
values, the audit log plugin logs all selected events without
distinction as to success or failure. Use of
audit_log_policy
at startup
works as follows:
If you do not set
audit_log_policy
or set it to its default ofALL
, any explicit settings foraudit_log_connection_policy
oraudit_log_statement_policy
apply as specified. If not specified, they default toALL
.If you set
audit_log_policy
to a non-ALL
value, that value takes precedence over and is used to setaudit_log_connection_policy
andaudit_log_statement_policy
, as indicated in the following table. If you also set either of those variables to a value other than their default ofALL
, the server writes a message to the error log to indicate that their values are being overridden.Startup audit_log_policy Value Resulting audit_log_connection_policy Value Resulting audit_log_statement_policy Value LOGINS
ALL
NONE
QUERIES
NONE
ALL
NONE
NONE
NONE
Deutsche Übersetzung
Sie haben gebeten, diese Seite auf Deutsch zu besuchen. Momentan ist nur die Oberfläche übersetzt, aber noch nicht der gesamte Inhalt.Wenn Sie mir bei Übersetzungen helfen wollen, ist Ihr Beitrag willkommen. Alles, was Sie tun müssen, ist, sich auf der Website zu registrieren und mir eine Nachricht zu schicken, in der Sie gebeten werden, Sie der Gruppe der Übersetzer hinzuzufügen, die Ihnen die Möglichkeit gibt, die gewünschten Seiten zu übersetzen. Ein Link am Ende jeder übersetzten Seite zeigt an, dass Sie der Übersetzer sind und einen Link zu Ihrem Profil haben.
Vielen Dank im Voraus.
Dokument erstellt 26/06/2006, zuletzt geändert 26/10/2018
Quelle des gedruckten Dokuments:https://www.gaudry.be/de/mysql-rf-audit-log-legacy-filtering.html
Die Infobro ist eine persönliche Seite, deren Inhalt in meiner alleinigen Verantwortung liegt. Der Text ist unter der CreativeCommons-Lizenz (BY-NC-SA) verfügbar. Weitere Informationen auf die Nutzungsbedingungen und dem Autor.
Referenzen
Diese Verweise und Links verweisen auf Dokumente, die während des Schreibens dieser Seite konsultiert wurden, oder die zusätzliche Informationen liefern können, aber die Autoren dieser Quellen können nicht für den Inhalt dieser Seite verantwortlich gemacht werden.
Der Autor Diese Website ist allein dafür verantwortlich, wie die verschiedenen Konzepte und Freiheiten, die mit den Nachschlagewerken gemacht werden, hier dargestellt werden. Denken Sie daran, dass Sie mehrere Quellinformationen austauschen müssen, um das Risiko von Fehlern zu reduzieren.