sql - How to filter mysql audit log by user account -

-

my issue disable root user audit logging still logging these user. please help. here did step step.

[setp -1] check audit log variable.

mysql> show variables 'audit_log%'; +-----------------------------+--------------+ | variable_name               | value        | +-----------------------------+--------------+ | audit_log_buffer_size       | 1048576      | | audit_log_connection_policy |          | | audit_log_current_session   | on           | | audit_log_exclude_accounts  |              | | audit_log_file              | audit.log    | | audit_log_flush             | off          | | audit_log_format            | old          | | audit_log_include_accounts  |              | | audit_log_policy            |          | | audit_log_rotate_on_size    | 0            | | audit_log_statement_policy  |          | | audit_log_strategy          | asynchronous | +-----------------------------+--------------+ 12 rows in set (0.00 sec)

[setp-2] following statement disable audit logging root account.

-- audit_log_include_accounts null set global audit_log_include_accounts = null; set global audit_log_exclude_accounts = root@%;

note: used root@% instead root@localhost because of database server can access ip address.

[setp-3] call select statement select * ssvr_audit_log remote pc.

[step-4] checked audit log in db server.

 <audit_record timestamp="2016-04-22t03:49:11 utc" record_id="593_2016-04-22t01:28:17" name="query" connection_id="6" status="0" status_code="0" user="root[root] @  [162.16.22.48]" os_login="" host="" ip="162.16.22.48" command_class="show_create_table" sqltext="show create table `ssvr_audit_log`"/>   <audit_record timestamp="2016-04-22t03:49:12 utc" record_id="594_2016-04-22t01:28:17" name="query" connection_id="7" status="0" status_code="0" user="root[root] @  [162.16.22.48]" os_login="" host="" ip="162.16.22.48" command_class="select" sqltext="select * `ssvr_audit_log` limit 0, 1000"/>   <audit_record timestamp="2016-04-22t03:49:12 utc" record_id="595_2016-04-22t01:28:17" name="query" connection_id="7" status="0" status_code="0" user="root[root] @  [162.16.22.48]" os_login="" host="" ip="162.16.22.48" command_class="show_fields" sqltext="show columns `tldssvr`.`ssvr_audit_log`"/>   <audit_record timestamp="2016-04-22t03:49:13 utc" record_id="596_2016-04-22t01:28:17" name="quit" connection_id="7" status="0" status_code="0" user="root" os_login="" host="" ip="162.16.22.48" command_class="connect"/>

here reference link enter link description here

i got answer question. here correct answer. when facing issue, can follow below steps.

audit log filtering account

  1. list ‘audit log’ configuration items

>	mysql -u root -p  >	show variables ‘audit_log%’;  +-----------------------------+--------------+  | variable_name               | value        |  +-----------------------------+--------------+  | audit_log_buffer_size       | 1048576      |  | audit_log_connection_policy |          |  | audit_log_current_session   | off          |  | audit_log_exclude_accounts  |              |  | audit_log_file              | audit.log    |  | audit_log_flush             | off          |  | audit_log_format            | old          |  | audit_log_include_accounts  |              |  | audit_log_policy            |          |  | audit_log_rotate_on_size    | 0            |  | audit_log_statement_policy  |          |  | audit_log_strategy          | asynchronous |  +-----------------------------+--------------+

  1. to add remote application server host name , ip address in database server. 

    > cat /etc/hosts  > 127.0.0.1   localhost localhost.localdomain localhost4  localhost4.localdomain4    162.16.22.48 app_pc   ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

  2. to disable audit logging application database user (root) local host , remote host accounts.

> mysql –u root –p  >set global audit_log_include_accounts = null;  >set global audit_log_exclude_accounts = 'root@localhost,root@app_pc';

  1. list ‘audit log’ configuration items , check audit_log_exclude_account value.

> show variables 'audit_log%';  > +-----------------------------+----------------------------+  | variable_name               | value                      |  +-----------------------------+----------------------------+  | audit_log_buffer_size       | 1048576                    |  | audit_log_connection_policy |                        |  | audit_log_current_session   | off                        |  | audit_log_exclude_accounts  | root@localhost,root@app_pc |  | audit_log_file              | audit.log                  |  | audit_log_flush             | off                        |  | audit_log_format            | old                        |  | audit_log_include_accounts  |                            |  | audit_log_policy            |                        |  | audit_log_rotate_on_size    | 0                          |  | audit_log_statement_policy  |                        |  | audit_log_strategy          | asynchronous               |  +-----------------------------+----------------------------+


Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more