Audit Logs
The Audit Log plugin allows all login/logout records to be stored in a log file. It is enabled in Charmed MySQL by default.
Overview
The following is a sample of the audit logs, with format json with login/logout records:
{"audit_record":{"name":"Quit","record":"6_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"992","status":0,"user":"clusteradmin","priv_user":"clusteradmin","os_login":"","proxy_user":"","host":"localhost","ip":"","db":""}}
{"audit_record":{"name":"Connect","record":"7_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"993","status":1156,"user":"","priv_user":"","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
{"audit_record":{"name":"Connect","record":"8_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"994","status":0,"user":"serverconfig","priv_user":"serverconfig","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
The logs are stored in the /var/snap/charmed-mysql/common/var/log/mysql directory, and it’s rotated
every minute to the /var/snap/charmed-mysql/common/var/log/mysql/archive_audit directory.
It’s recommended to integrate the charm with COS, from where the logs can be easily persisted and queried using Loki/Grafana.
Configurations
-
plugin-audit-enabled- The audit plugin is enabled by default in the charm, but it’s possible to disable it by setting:juju config mysql plugin-audit-enabled=falseValid value are
falseandtrue. By setting it to false, existing logs are still kept in thearchive_auditdirectory. -
plugin-audit-strategy- By default the audit plugin writes logs in asynchronous mode for better performance. To ensure logs are written to disk on more timely fashion, this configuration can be set to semi-synchronous mode:juju config mysql plugin-audit-strategy=semi-asyncValid values are
asyncandsemi-async.