cannot just record audit policy changing without record other set_option queries

[yonglezhu]

if I want to record audit policy changing,for example,somebody runs 'set global audit_json_file=OFF'.Under the circumstances，I should audit 'set_option' command.But There are many other query like 'set autocommit=1' being recorded.

[aharonrobbins]

Hi. Can you please explain your comment more? What is happening that you think should not happen, or, conversely, what is not happening that you think should be happening?

Thanks.

[yonglezhu]

should happen: there should be a kind of cmd that just include audit configuration changing.

[aharonrobbins]

You may be able to get what you want by using the audit_record_cmds configuration variable.

[yonglezhu]

audit_record_cmds cannot make a distinction between 'set audit_json_file=on' and 'set autocommit=1'.if I only want to audit 'set audit_json_file=on' and do not want to audit 'set autocommit=1',what should I do?

[aharonrobbins]

At the moment there is a not way to do this. We will consider if and how to change this. Thanks.

[yonglezhu]

Thanks. I need to audit if someone turn off the auditting,but if I set audit_record_cmds to include set_option,threre will be many other command being recorded，like 'set autocommit=1|0','set session transaction read only|write',etc.

[aharonrobbins]

I understand what you want to do. Unfortunately, there currently is no way to do exactly what you want. In the short term, you can modify the plugin itself to do the checking, since the full text of the statement is available.