Rechercher dans le manuel MySQL
6.4.5.6 Audit Log Filtering
This section describes how audit log filtering works if the audit log plugin and the accompanying audit tables and UDFs are installed. If the plugin is installed but not the accompanying audit tables and UDFs, the plugin operates in legacy filtering mode, described in Section 6.4.5.7, “Legacy Mode Audit Log Filtering”. Legacy mode is filtering behavior as it was prior to MySQL 5.7.13; that is, before the introduction of rule-based filtering.
The audit log plugin has the capability of controlling logging of audited events by filtering them:
Audited events can be filtered using these characteristics:
User account
Audit event class
Audit event subclass
Value of event fields such as those that indicate operation status or SQL statement executed
Audit filtering is rule based:
A filter definition creates a set of auditing rules. Definitions can be configured to include or exclude events for logging based on the characteristics just described.
Filter rules have the capability of blocking (aborting) execution of qualifying events, in addition to existing capabilities for event logging.
Multiple filters can be defined, and any given filter can be assigned to any number of user accounts.
It is possible to define a default filter to use with any user account that has no explicitly assigned filter.
Audit filters can be defined, displayed, and modified using an SQL interface based on user-defined functions (UDFs).
Audit filter definitions are stored in the tables in the
mysqlsystem database.Within a given session, the value of the read-only
audit_log_filter_idsystem variable indicates whether a filter has been assigned to the session.
By default, rule-based audit log filtering logs no auditable events for any users. To log all auditable events for all users, use the following statements, which create a simple filter to enable logging and assign it to the default account:
The filter assigned to % is used for
connections from any account that has no explicitly assigned
filter (which initially is true for all accounts).
The following list briefly summarizes the UDFs that implement the SQL interface for audit filtering control:
audit_log_filter_set_filter(): Define a filteraudit_log_filter_remove_filter(): Remove a filteraudit_log_filter_set_user(): Start filtering a user accountaudit_log_filter_remove_user(): Stop filtering a user accountaudit_log_filter_flush(): Flush manual changes to the filter tables to affect ongoing filtering
For usage examples and complete details about the filtering functions, see Section 6.4.5.6.1, “Using Audit Log Filtering Functions”, and Section 6.4.5.8.2, “Audit Log Functions”.
Audit log filtering functions are subject to these constraints:
To use any filtering function, the
audit_logplugin must be enabled or an error occurs. In addition, the audit tables must exist or an error occurs. To install theaudit_logplugin and its accompanying UDFs and tables, see Section 6.4.5.2, “Installing or Uninstalling MySQL Enterprise Audit”.To use any filtering function, a user must possess the
SUPERprivilege or an error occurs. To grant theSUPERprivilege to a user account, use this statement:Alternatively, should you prefer to avoid granting the
SUPERprivilege while still permitting users to access specific filtering functions, “wrapper” stored programs can be defined. This technique is described in the context of keyring UDFs in Section 6.4.4.8.2, “Using General-Purpose Keyring Functions”; it can be adapted for use with filtering UDFs.The
audit_logplugin operates in legacy mode if it is installed but the accompanying audit tables and functions are not created. The plugin writes these messages to the error log at server startup:[Warning] Plugin audit_log reported: 'Failed to open the audit log filter tables.' [Warning] Plugin audit_log reported: 'Audit Log plugin supports a filtering, which has not been installed yet. Audit Log plugin will run in the legacy mode, which will be disabled in the next release.'In legacy mode, filtering can be done based only on event account or status. For details, see Section 6.4.5.7, “Legacy Mode Audit Log Filtering”.
6.4.5.6.1 Using Audit Log Filtering Functions
Before using the audit log user-defined functions (UDFs),
install them according to the instructions provided in
Section 6.4.5.2, “Installing or Uninstalling MySQL Enterprise Audit”. The
SUPER privilege is required to
use any of these functions.
The audit log filtering functions enable filtering control by providing an interface to create, modify, and remove filter definitions and assign filters to user accounts.
Filter definitions are JSON
values. For information about using
JSON data in MySQL, see
Section 11.6, “The JSON Data Type”. This section shows some simple filter
definitions. For more information about filter definitions,
see Section 6.4.5.6.2, “Writing Audit Log Filter Definitions”.
When a connection arrives, the audit log plugin determines which filter to use for the new session by searching for the user account name in the current filter assignments:
If a filter is assigned to the user, the audit log uses that filter.
Otherwise, if no user-specific filter assignment exists, but there is a filter assigned to the default account (
%), the audit log uses the default filter.Otherwise, the audit log selects no audit events from the session for processing.
If a change-user operation occurs during a session (see Section 28.7.7.3, “mysql_change_user()”), filter assignment for the session is updated using the same rules but for the new user.
By default, no accounts have a filter assigned, so no processing of auditable events occurs for any account.
Suppose that instead you want the default to be to log only
connection-related activity (for example, to see connect,
change-user, and disconnect events, but not the SQL statements
users execute while connected). To achieve this, define a
filter (shown here named log_conn_events)
that enables logging only of events in the
connection class, and assign that filter to
the default account, represented by the %
account name:
Now the audit log uses this default account filter for connections from any account that has no explicitly defined filter.
To assign a filter explicitly to a particular user account or accounts, define the filter, then assign it to the relevant accounts:
Now full logging is enabled for
user1@localhost and
user2@localhost. Connections from other
accounts continue to be filtered using the default account
filter.
To disassociate a user account from its current filter, either unassign the filter or assign a different filter:
To unassign the filter from the user account:
Filtering of current sessions for the account remains unaffected. Subsequent connections from the account are filtered using the default account filter if there is one, and are not logged otherwise.
To assign a different filter to the user account:
Filtering of current sessions for the account remains unaffected. Subsequent connections from the account are filtered using the new filter. For the filter shown here, that means no logging for new connections from
user1@localhost.
For audit log filtering, user name and host name comparisons are case-sensitive. This differs from comparisons for privilege checking, for which host name comparisons are not case-sensitive.
To remove a filter, do this:
Removing a filter also unassigns it from any users to whom it has been assigned, including any current sessions for those users.
The filtering UDFs just described affect audit filtering
immediately and update the audit log tables in the
mysql system database that store filters
and user accounts (see Section 6.4.5.8.1, “Audit Log Tables”). It
is also possible to modify the audit log tables directly using
statements such as INSERT,
UPDATE, and
DELETE, but such changes do not
affect filtering immediately. To flush your changes and make
them operational, call
audit_log_filter_flush():
audit_log_filter_flush()
should be used only after modifying the audit tables
directly, to force reloading all filters. Otherwise, this
function should be avoided. It is, in effect, a simplified
version of unloading and reloading the
audit_log plugin with
UNINSTALL PLUGIN plus
INSTALL PLUGIN.
audit_log_filter_flush()
affects all current sessions and detaches them from their
previous filters. Current sessions are no longer logged
unless they disconnect and reconnect, or execute a
change-user operation.
To determine whether a filter has been assigned to the current
session, check the session value of the read-only
audit_log_filter_id system
variable. If the value is 0, no filter is assigned. A nonzero
value indicates the internally maintained ID of the assigned
filter:
- +-----------------------+
- | @@audit_log_filter_id |
- +-----------------------+
- | 2 |
- +-----------------------+
Filter definitions are JSON
values. For information about using
JSON data in MySQL, see
Section 11.6, “The JSON Data Type”.
Filter definitions have this form, where
actions indicates how filtering
takes place:
{ "filter": actions }The following discussion describes permitted constructs in filter definitions.
To explicitly enable or disable logging of all events, use a
log element in the filter:
{
"filter": { "log": true }
}
The log value can be either
true or false.
The preceding filter enables logging of all events. It is equivalent to:
{
"filter": { }
}
Logging behavior depends on the log value
and whether class or
event items are specified:
With
logspecified, its given value is used.Without
logspecified, logging istrueif noclassoreventitem is specified, andfalseotherwise (in which case,classoreventcan include their ownlogitem).
To log events of a specific class, use a
class element in the filter, with its
name field denoting the name of the class
to log:
{
"filter": {
"class": { "name": "connection" }
}
}
The name value can be
connection, general,
or table_access to log connection,
general, or table-access events, respectively.
The preceding filter enables logging of events in the
connection class. It is equivalent to the
following filter with log items made
explicit:
{
"filter": {
"log": false,
"class": { "log": true,
"name": "connection" }
}
}
To enable logging of multiple classes, define the
class value as a
JSON array element that names
the classes:
{
"filter": {
"class": [
{ "name": "connection" },
{ "name": "general" },
{ "name": "table_access" }
]
}
}When multiple instances of a given item appear at the same level within a filter definition, the item values can be combined into a single instance of that item within an array value. The preceding definition can be written like this:
{
"filter": {
"class": [
{ "name": [ "connection", "general", "table_access" ] }
]
}
}
To select specific event subclasses, use an
event item containing a
name item that names the subclasses. The
default action for events selected by an
event item is to log them. For example,
this filter enables logging for the named event subclasses:
{
"filter": {
"class": [
{
"name": "connection",
"event": [
{ "name": "connect" },
{ "name": "disconnect" }
]
},
{ "name": "general" },
{
"name": "table_access",
"event": [
{ "name": "insert" },
{ "name": "delete" },
{ "name": "update" }
]
}
]
}
}
The event item can also contain explicit
log items to indicate whether to log
qualifying events. This event item
selects multiple events and explicitly indicates logging
behavior for them:
"event": [
{ "name": "read", "log": false },
{ "name": "insert", "log": true },
{ "name": "delete", "log": true },
{ "name": "update", "log": true }
]
The event item can also indicate whether
to block qualifying events, if it contains an
abort item. For details, see
Blocking Execution of Specific Events.
Table 6.28, “Event Class and Subclass Combinations” describes the permitted subclass values for each event class.
Table 6.28 Event Class and Subclass Combinations
| Event Class | Event Subclass | Description |
|---|---|---|
connection |
connect |
Connection initiation (successful or unsuccessful) |
connection |
change_user |
User re-authentication with different user/password during session |
connection |
disconnect |
Connection termination |
general |
status |
General operation information |
message |
internal |
Internally generated message |
message |
user |
Message generated by
audit_api_message_emit_udf() |
table_access |
read |
Table read statements, such as SELECT or
INSERT
INTO ... SELECT |
table_access |
delete |
Table delete statements, such as DELETE
or TRUNCATE TABLE |
table_access |
insert |
Table insert statements, such as INSERT
or REPLACE |
table_access |
update |
Table update statements, such as UPDATE |
Table 6.29, “Log and Abort Characteristics Per Event Class and Subclass Combination” describes for each event subclass whether it can be logged or aborted.
Table 6.29 Log and Abort Characteristics Per Event Class and Subclass Combination
| Event Class | Event Subclass | Can be Logged | Can be Aborted |
|---|---|---|---|
connection |
connect |
Yes | No |
connection |
change_user |
Yes | No |
connection |
disconnect |
Yes | No |
general |
status |
Yes | No |
message |
internal |
Yes | Yes |
message |
user |
Yes | Yes |
table_access |
read |
Yes | Yes |
table_access |
delete |
Yes | Yes |
table_access |
insert |
Yes | Yes |
table_access |
update |
Yes | Yes |
A filter can be defined in inclusive or exclusive mode:
Inclusive mode logs only explicitly specified items.
Exclusive mode logs everything but explicitly specified items.
To perform inclusive logging, disable logging globally and
enable logging for specific classes. This filter logs
connect and disconnect
events in the connection class, and
events in the general class:
{
"filter": {
"log": false,
"class": [
{
"name": "connection",
"event": [
{ "name": "connect", "log": true },
{ "name": "disconnect", "log": true }
]
},
{ "name": "general", "log": true }
]
}
}
To perform exclusive logging, enable logging globally and
disable logging for specific classes. This filter logs
everything except events in the general
class:
{
"filter": {
"log": true,
"class":
{ "name": "general", "log": false }
}
}
This filter logs change_user events in
the connection class,
message events, and
table_access events:
{
"filter": {
"log": true,
"class": [
{
"name": "connection",
"event": [
{ "name": "connect", "log": false },
{ "name": "disconnect", "log": false }
]
},
{ "name": "general", "log": false }
]
}
}
To enable logging based on specific event field values,
specify a field item within the
log item that indicates the field name
and its expected value:
{
"filter": {
"class": {
"name": "general",
"event": {
"name": "status",
"log": {
"field": { "name": "general_command.str", "value": "Query" }
}
}
}
}
}Each event contains event class-specific fields that can be accessed from within a filter to perform custom filtering.
A connection event indicates when a connection-related activity occurs during a session, such as a user connecting to or disconnecting from the server. Table 6.30, “Connection Event Fields” indicates the permitted fields for connection events.
Table 6.30 Connection Event Fields
| Field Name | Field Type | Description |
|---|---|---|
status |
integer | Event status: 0: OK Otherwise: Failed |
connection_id |
unsigned integer | Connection ID |
user.str |
string | User name specified during authentication |
user.length |
unsigned integer | User name length |
priv_user.str |
string | Authenticated user name (account user name) |
priv_user.length |
unsigned integer | Authenticated user name length |
external_user.str |
string | External user name (provided by third-party authentication plugin) |
external_user.length |
unsigned integer | External user name length |
proxy_user.str |
string | Proxy user name |
proxy_user.length |
unsigned integer | Proxy user name length |
host.str |
string | Connected user host |
host.length |
unsigned integer | Connected user host length |
ip.str |
string | Connected user IP address |
ip.length |
unsigned integer | Connected user IP address length |
database.str |
string | Database name specified at connect time |
database.length |
unsigned integer | Database name length |
connection_type |
integer | Connection type:
or
or
or
or
or
or |
The "::
values are symbolic pseudo-constants that may be given
instead of the literal numeric values. They must be quoted
as strings and are case-sensitive.
xxx"
A general event indicates the status code of an operation and its details. Table 6.31, “General Event Fields” indicates the permitted fields for general events.
Table 6.31 General Event Fields
| Field Name | Field Type | Description |
|---|---|---|
general_error_code |
integer | Event status: 0: OK Otherwise: Failed |
general_thread_id |
unsigned integer | Connection/thread ID |
general_user.str |
string | User name specified during authentication |
general_user.length |
unsigned integer | User name length |
general_command.str |
string | Command name |
general_command.length |
unsigned integer | Command name length |
general_query.str |
string | SQL statement text |
general_query.length |
unsigned integer | SQL statement text length |
general_host.str |
string | Host name |
general_host.length |
unsigned integer | Host name length |
general_sql_command.str |
string | SQL command type name |
general_sql_command.length |
unsigned integer | SQL command type name length |
general_external_user.str |
string | External user name (provided by third-party authentication plugin) |
general_external_user.length |
unsigned integer | External user name length |
general_ip.str |
string | Connected user IP address |
general_ip.length |
unsigned integer | Connection user IP address length |
general_command.str indicates a command
name: Query, Execute,
Quit, or Change user.
A general event with the
general_command.str field set to
Query or Execute
contains general_sql_command.str set to a
value that specifies the type of SQL command:
alter_db,
alter_db_upgrade,
admin_commands, and so forth. These
values can be seen as the last components of the Performance
Schema instruments displayed by this statement:
- +---------------------------------------+
- | NAME |
- +---------------------------------------+
- | statement/sql/alter_db |
- | statement/sql/alter_db_upgrade |
- | statement/sql/alter_event |
- | statement/sql/alter_function |
- | statement/sql/alter_instance |
- | statement/sql/alter_procedure |
- | statement/sql/alter_server |
- ...
A table-access event provides information about specific table accesses. Table 6.32, “Table-Access Event Fields” indicates the permitted fields for table-access events.
Table 6.32 Table-Access Event Fields
| Field Name | Field Type | Description |
|---|---|---|
connection_id |
unsigned integer | Event connection ID |
sql_command_id |
integer | SQL command ID |
query.str |
string | SQL statement text |
query.length |
unsigned integer | SQL statement text length |
table_database.str |
string | Database name associated with event |
table_database.length |
unsigned integer | Database name length |
table_name.str |
string | Table name associated with event |
table_name.length |
unsigned integer | Table name length |
The following list shows which statements produce which table-access events:
readevent:SELECTINSERT ... SELECT(for tables referenced inSELECTclause)REPLACE ... SELECT(for tables referenced inSELECTclause)UPDATE ... WHERE(for tables referenced inWHEREclause)HANDLER ... READ
deleteevent:DELETETRUNCATE TABLE
insertevent:INSERTINSERT ... SELECT(for table referenced inINSERTclause)REPLACEREPLACE ... SELECT(for table referenced inREPLACEclauseLOAD DATALOAD XML
updateevent:UPDATEUPDATE ... WHERE(for tables referenced inUPDATEclause)
event items can include an
abort item that indicates whether to
prevent qualifying events from executing. For example,
abort enables rules to be written that
block execution of specific SQL statements.
The abort item must appear within an
event item. For example:
"event": {
"name": qualifying event subclass names
"abort": condition
}
For event subclasses selected by the name
item, the abort action is true or false,
depending on condition
evaluation. If the condition evaluates to true, the event is
blocked. Otherwise, the event continues executing.
The condition specification can
be as simple as true or
false, or it can be more complex such
that evaluation depends on event characteristics.
This filter blocks INSERT,
UPDATE, and
DELETE statements:
{
"filter": {
"class": {
"name": "table_access",
"event": {
"name": [ "insert", "update", "delete" ],
"abort": true
}
}
}
}
This more complex filter blocks the same statements, but
only for a specific table
(finances.bank_account):
{
"filter": {
"class": {
"name": "table_access",
"event": {
"name": [ "insert", "update", "delete" ],
"abort": {
"and": [
{ "field": { "name": "table_database.str", "value": "finances" } },
{ "field": { "name": "table_name.str", "value": "bank_account" } }
]
}
}
}
}
}Statements matched and blocked by the filter return an error to the client:
ERROR 1045 (28000): Statement was aborted by an audit log filterNot all events can be blocked (see Table 6.29, “Log and Abort Characteristics Per Event Class and Subclass Combination”). For an event that cannot, the audit log writes a warning to the error log rather than blocking it.
For attempts to define a filter in which the
abort item appears elsewhere than in an
event item, an error occurs.
Logical operators (and,
or, not) can be used
in log items. This permits construction
of more advanced filtering configurations:
{
"filter": {
"class": {
"name": "general",
"event": {
"name": "status",
"log": {
"or": [
{
"and": [
{ "field": { "name": "general_command.str", "value": "Query" } },
{ "field": { "name": "general_command.length", "value": 5 } }
]
},
{
"and": [
{ "field": { "name": "general_command.str", "value": "Execute" } },
{ "field": { "name": "general_command.length", "value": 7 } }
]
}
]
}
}
}
}
}
To refer to a predefined variable in a
log condition, use a
variable item, which tests equality
against a given value:
{
"filter": {
"class": {
"name": "general",
"event": {
"name": "status",
"log": {
"variable": {
"name": "audit_log_connection_policy_value", "value": "::none"
}
}
}
}
}
}
Each predefined variable corresponds to a system variable.
By writing a filter that tests a predefined variable, you
can modify filter operation by setting the corresponding
system variable, without having to redefine the filter. For
example, by writing a filter that tests the value of the
audit_log_connection_policy_value
predefined variable, you can modify filter operation by
changing the value of the
audit_log_connection_policy
system variable.
The
audit_log_
system variables are used for the legacy mode audit log (see
Section 6.4.5.7, “Legacy Mode Audit Log Filtering”). With
rule-based audit log filtering, those variables remain
visible (for example, using xxx_policySHOW
VARIABLES), but changes to them have no effect
unless you write filters containing constructs that refer to
them.
The following list describes the permitted predefined
variables for variable items:
audit_log_connection_policy_valueThis variable corresponds to the value of the
audit_log_connection_policysystem variable. The value is an unsigned integer. Table 6.33, “audit_log_connection_policy_value Values” shows the permitted values and the correspondingaudit_log_connection_policyvalues.Table 6.33 audit_log_connection_policy_value Values
Value Corresponding audit_log_connection_policy Value 0or"::none"NONE1or"::errors"ERRORS2or"::all"ALLThe
"::values are symbolic pseudo-constants that may be given instead of the literal numeric values. They must be quoted as strings and are case-sensitive.xxx"audit_log_policy_valueThis variable corresponds to the value of the
audit_log_policysystem variable. The value is an unsigned integer. Table 6.34, “audit_log_policy_value Values” shows the permitted values and the correspondingaudit_log_policyvalues.Table 6.34 audit_log_policy_value Values
Value Corresponding audit_log_policy Value 0or"::none"NONE1or"::logins"LOGINS2or"::all"ALL3or"::queries"QUERIESThe
"::values are symbolic pseudo-constants that may be given instead of the literal numeric values. They must be quoted as strings and are case-sensitive.xxx"audit_log_statement_policy_valueThis variable corresponds to the value of the
audit_log_statement_policysystem variable. The value is an unsigned integer. Table 6.35, “audit_log_statement_policy_value Values” shows the permitted values and the correspondingaudit_log_statement_policyvalues.Table 6.35 audit_log_statement_policy_value Values
Value Corresponding audit_log_statement_policy Value 0or"::none"NONE1or"::errors"ERRORS2or"::all"ALLThe
"::values are symbolic pseudo-constants that may be given instead of the literal numeric values. They must be quoted as strings and are case-sensitive.xxx"
To refer to a predefined function in a
log condition, use a
function item, which takes
name and args values
to specify the function name and its arguments,
respectively:
{
"filter": {
"class": {
"name": "general",
"event": {
"name": "status",
"log": {
"function": {
"name": "find_in_include_list",
"args": [ { "string": [ { "field": "user.str" },
{ "string": "@"},
{ "field": "host.str" } ] } ]
}
}
}
}
}
}
The function as specified in the name
item should be the function name only, without parentheses
or the argument list. Arguments in the
args item, if there is one, must be given
in the order listed in the function description. Arguments
can refer to predefined variables, event fields, or string
or numeric constants.
The preceding filter determines whether to log
general class status
events depending on whether the current user is found in the
audit_log_include_accounts
system variable. That user is constructed using fields in
the event.
The following list describes the permitted predefined
functions for function items:
audit_log_exclude_accounts_is_null()Checks whether the
audit_log_exclude_accountssystem variable isNULL. This function can be helpful when defining filters that correspond to the legacy audit log implementation.Arguments:
None.
audit_log_include_accounts_is_null()Checks whether the
audit_log_include_accountssystem variable isNULL. This function can be helpful when defining filters that correspond to the legacy audit log implementation.Arguments:
None.
debug_sleep(millisec)Sleeps for the given number of milliseconds. This function is used during performance measurement.
debug_sleep()is available for debug builds only.Arguments:
millisec: An unsigned integer that specifies the number of milliseconds to sleep.
find_in_exclude_list(account)Checks whether an account string exists in the audit log exclude list (the value of the
audit_log_exclude_accountssystem variable).Arguments:
account: A string that specifies the user account name.
find_in_include_list(account)Checks whether an account string exists in the audit log include list (the value of the
audit_log_include_accountssystem variable).Arguments:
account: A string that specifies the user account name.
string_find(text, substr)Checks whether the
substrvalue is contained in thetextvalue. This search is case-sensitive.Arguments:
text: The text string to search.substr: The substring to search for intext.
In some cases, the filter definition can be changed
dynamically. To do this, define a filter
configuration within an existing filter.
For example:
{
"filter": {
"id": "main",
"class": {
"name": "table_access",
"event": {
"name": [ "update", "delete" ],
"log": false,
"filter": {
"class": {
"name": "general",
"event" : { "name": "status",
"filter": { "ref": "main" } }
},
"activate": {
"or": [
{ "field": { "name": "table_name.str", "value": "temp_1" } },
{ "field": { "name": "table_name.str", "value": "temp_2" } }
]
}
}
}
}
}
}
A new filter is activated when the
activate element within a subfilter
evaluates to true. Using
activate in a top-level
filter is not permitted.
A new filter can be replaced with the original one by using
a ref item inside the subfilter to refer
to the original filter id.
The filter shown operates like this:
The
mainfilter waits fortable_accessevents, eitherupdateordelete.If the
updateordeletetable_accessevent occurs on thetemp_1ortemp_2table, the filter is replaced with the internal one (without anid, since there is no need to refer to it explicitly).If the end of the command is signalled (
general/statusevent), an entry is written to the audit log file and the filter is replaced with themainfilter.
The filter is useful to log statements that update or delete
anything from the temp_1 or
temp_2 tables, such as this one:
The statement generates multiple
table_access events, but the audit log
file will contain only general /
status entries.
Any id values used in the definition
are evaluated with respect only to that definition. They
have nothing to do with the value of the
audit_log_filter_id
system variable.
Traduction non disponible
Le manuel MySQL n'est pas encore traduit en français sur l'infobrol. Seule la version anglaise est disponible pour l'instant.
Document créé le 26/06/2006, dernière modification le 26/10/2018
Source du document imprimé : https://www.gaudry.be/mysql-rf-audit-log-filtering.html
L'infobrol est un site personnel dont le contenu n'engage que moi. Le texte est mis à disposition sous licence CreativeCommons(BY-NC-SA). Plus d'info sur les conditions d'utilisation et sur l'auteur.
Références
Ces références et liens indiquent des documents consultés lors de la rédaction de cette page, ou qui peuvent apporter un complément d'information, mais les auteurs de ces sources ne peuvent être tenus responsables du contenu de cette page.
L'auteur de ce site est seul responsable de la manière dont sont présentés ici les différents concepts, et des libertés qui sont prises avec les ouvrages de référence. N'oubliez pas que vous devez croiser les informations de sources multiples afin de diminuer les risques d'erreurs.
