@@warning_count and SHOW WARNINGS empty for NOTE

[atze234]

Hi,

with audit Plugin loaded SHOW WARNINGS and select @@warning_count doesn't report any NOTES to me, when there should be NOTES:

Server version: 5.5.47-0+deb7u1-log (Debian)

mysql> use mysql mysql> create table if not exists user (id int); Query OK, 0 rows affected, 1 warning (0.01 sec)

mysql> select @@warning_count; +-----------------+ | @@warning_count | +-----------------+ | 0 | +-----------------+ 1 row in set (0.01 sec)

Without Plugin loaded: mysql> create table if not exists user (id int); Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> select @@warning_count; +-----------------+ | @@warning_count | +-----------------+ | 1 | +-----------------+ 1 row in set (0.00 sec)

The reported Note should be: mysql> show warnings; +-------+------+-----------------------------+ | Level | Code | Message | +-------+------+-----------------------------+ | Note | 1050 | Table 'user' already exists | +-------+------+-----------------------------+

When i produce a WARNING ( select abs("a");) the warning is reported correctly. I'm using the latest Plugin Version 1.0.9-545 with mysql 5.5.47 on Debian 7.

Thanks for your help Jörg

[atze234]

I tried with latest Release Version 1.0.8-527 and the reported Offsets from 1.0.9-545 (audit_offsets=6120, 6168, 3792, 4288, 88, 2592, 96, 0, 32, 104, 120, 6264)

Problem is still there then, so i think its related to 5.5.47 (Debian) or the offsets.

edit: i extracted the offsets from debian wheezy Package - seems ok: //offsets for: mysql-5.5.47/builddir/sql/mysqld (5.5.47-0) {"5.5.47-0","75cf0fbc69619284b80533621739d145", 6120, 6168, 3792, 4288, 88, 2592, 96, 0, 32, 104, 120, 6240}

[aharonrobbins]

Thanks for the report. We will try to investigate.

[glicht]

@atze234,

I just tried out your exact version: 5.5.47-0+deb7u1-log (Debian) and didn't see this reproduce with the latest plugin release: 1.0.9-585.

It might be something specific to your configuration. Can you send out your my.cnf configuration. Also can you include the mysql-error.log. It may contain some more info to understand your configuration.

[atze234]

@guylichtman ,

may i send you the Information in a private channel anywhere?

[aharonrobbins]

Please send to me as well; Guy and I work in the same office and it’s likely that I will end up working on it.

Thanks,

Aharon (Arnold) Robbins Senior Software Engineer Sensor - Database Security McAfee. Part of Intel Security. [cid:image003.png@01CF5AF2.16A4D380]

From: atze234 [mailto:notifications@github.com] Sent: Wednesday, April 13, 2016 11:17 To: mcafee/mysql-audit mysql-audit@noreply.github.com Cc: Robbins, Aharon aharon.robbins@intel.com Subject: Re: [mcafee/mysql-audit] @@warning_count and SHOW WARNINGS empty for NOTE (#137)

@guylichtmanhttps://github.com/guylichtman ,

may i send you the Information in a private channel anywhere?

— You are receiving this because you commented. Reply to this email directly or view it on GitHubhttps://github.com/mcafee/mysql-audit/issues/137#issuecomment-209297357

[glicht]

Just to update, we had some email exchanges with @atze234 and from what we see the issue is happening on a specific system they have. It is not reproducing on other system with a similar setup. Unfortunately the system is not available for debugging. We are planning a small architecture change which may resolve this issue in the future.

In the mean time, if any one encounters the same behavior please update this issue.

[atze234]

Hi, the Problem just disappeared with Debian mysql 5.5.49 and Audit Plugin 601.

[glicht]

Closing the issue. If it does come up again. Feel free to reach out.