Wednesday, June 17, 2020

How can I stop writing SQL Statement into MySQL Audit Log at run time without MySQL Restart ?


How can I Disable MySQL Audit Log while Server is running?



You can turn off MySQL Enterprise Audit Log without restart of MySQL , sometimes we wanted to turn off auditing to test some functionalities in database.
If you wanted to revise about 5 W (what ,why ,where,when,who) about MySQL Enterprise Audit please have a look on my previous blog.
https://mysqlsolutionsarchitect.blogspot.com/2020/05/using-mysql-enterprise-audit-filtering.html
mysql document page:- https://dev.mysql.com/doc/refman/8.0/en/audit-log-installation.html
First Check Whether Audit is running or not?
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE'audit%';
+-------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+-------------+---------------+
| audit_log   | ACTIVE        |
+-------------+---------------+
1 row in set (0.00 sec)

mysql> show variables like '%audit%';
+--------------------------------------+--------------+
| Variable_name                        | Value        |
+--------------------------------------+--------------+
| audit_log_buffer_size                | 1048576      |
| audit_log_compression                | NONE         |
| audit_log_connection_policy          | ALL          |
| audit_log_current_session            | ON           |
| audit_log_encryption                 | NONE         |
| audit_log_exclude_accounts           |              |
| audit_log_file                       | audit.log    |
| audit_log_filter_id                  | 0            |
| audit_log_flush                      | OFF          |
| audit_log_format                     | NEW          |
| audit_log_include_accounts           |              |
| audit_log_password_history_keep_days | 0            |
| audit_log_policy                     | ALL          |
| audit_log_read_buffer_size           | 32768        |
| audit_log_rotate_on_size             | 0            |
| audit_log_statement_policy           | ALL          |
| audit_log_strategy                   | ASYNCHRONOUS |
+--------------------------------------+--------------+
17 rows in set (0.01 sec)

To disable there are two ways to do
1.Edit my.cnf file and comment these two lines and restart MySQL Server.
>>Open my.ini file
      #plugin-load=audit_log.dll     ##for Linux – audit_log.so file    
      #audit-log=FORCE_PLUS_PERMANENT
>>Restart MySQL Server
 2.Without Server Restart.
There is audit system variables(audit_log_statement_policy, audit_log_connection_policy), which control the policy how the audit log plugin writes statement events to its log file.
By default these values are ALL , which means that you can log everything’s.



mysql> set global audit_log_statement_policy=NONE;
Query OK, 0 rows affected (0.00 sec)

mysql> set global audit_log_connection_policy=NONE;
Query OK, 0 rows affected (0.00 sec)

Note:- Plugin would remain active but it audit file will not have any entry thereafter.


Thank you for using MySQL !!!
Feel free to suggest , correct , share your ideas/pains so that i can write more blog on MySQL.



Posted by at
Location: Mumbai, Maharashtra, India

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)