Feature Request: Setting to Remove Derived Asterisk

trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.

Other

232 stars 57 forks source link

Feature Request: Setting to Remove Derived Asterisk #114

Open utdrmac opened 9 years ago

utdrmac commented 9 years ago

If a query is executed with a table that is derived, an * is recorded in the audit event. As this isn't too helpful in a real audit, FR for a setting to ignore/don't-log these.

{
    "db" : "",
    "name" : "*",
    "obj_type" : "TABLE"
}

glicht commented 9 years ago

Can you provide an example of a query and the resulting json log entry. On Jun 17, 2015 5:52 PM, "Matthew" notifications@github.com wrote:

If a query is executed with a table that is derived, an * is recorded in the audit event. As this isn't too helpful in a real audit, FR for a setting to ignore/don't-log these.

{ "db" : "", "name" : "*", "obj_type" : "TABLE" }

— Reply to this email directly or view it on GitHub https://github.com/mcafee/mysql-audit/issues/114.

utdrmac commented 9 years ago

SELECT * FROM (SELECT * FROM foo) a;

{"msg-type":"activity","date":"1434557705062","thread-id":"16728373","query-id":"446961855","user":"percona","priv_user":"percona","host":"localhost","cmd":"select","objects":[{"db":"","name":"*","obj_type":"TABLE"},{"db":"percona","name":"foo","obj_type":"TABLE"}],"query":"SELECT * FROM (SELECT * FROM foo) a"}