trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.

exclude sub command in mysql mcafee audit plugin #194

Open liavs opened 6 years ago

liavs commented 6 years ago

Hi

In the variable "audit_record_cmds" I defined (among other cmds) the SET_OPTION command to be audited. However, I would like to EXCLUDE the sub command "SET autocommit". I failed doing it by defining "audit_whitelist_cmds".

1) How can I do it, if not by "audit_whitelist_cmds"?
2) If it is to be done from "audit_whitelist_cmds", what is the correct syntax?

Thanks :-)

liavs commented 6 years ago

Hi

Is there anybody out there? :-)

Maybe my question was not clear enough... Here's some more info:

The following record appears in my audit log:

{"msg-type":"activity","date":"1528632467176","thread-id":"107355","query-id":"1220825","user":"myuser","priv_user":"myuser","ip":"127.0.0.1","host":"localhost","connect_attrs":{"_runtime_version":"1.7.0_111","_client_version":"5.1.38","_client_name":"MySQL Connector Java","_client_license":"GPL","_runtime_vendor":"Oracle Corporation"},"status":"0","cmd":"set_option","query":"SET autocommit=1"}

What I would like is to catch all of the events related to set_option (in the above line from the audit log: "cmd":"set_option"), but from these events I would like to exclude only the events fitting this pattern:

"query":"SET autocommit=1"
"query":"SET autocommit=0"

How do I do it? I saw that someone who goes by the name/nickname imreFitos developed it. If an admin sees this issue, can you please forward it to him?

(https://github.com/mcafee/mysql-audit/wiki/Changelog "New configuration option: audit_whitelist_cmds: Comma separated list of white-listed cmds whose queries are not recorded. Contributed by @imreFitos.")

Thanks a lot !!! :-)
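
Added example, not part of the issue and not the plugin's own code: the exclusion described above, done as a post-filter on the audit log rather than inside the plugin. It assumes the log holds one JSON record per line in the format quoted in the issue; the sample lines are constructed, and the pattern also accepts case, spacing and trailing-semicolon variants of the two statements.

```python
import json
import re

# Matches a statement that does nothing except toggle autocommit.
# Anchored at both ends so a combined statement such as
# "SET autocommit=1, sql_mode=''" is NOT suppressed.
AUTOCOMMIT_ONLY = re.compile(r"^\s*SET\s+autocommit\s*=\s*[01]\s*;?\s*$", re.IGNORECASE)

def is_suppressed(record):
    """True only for set_option events whose whole query is an autocommit toggle."""
    return (record.get("cmd") == "set_option"
            and AUTOCOMMIT_ONLY.match(str(record.get("query", ""))) is not None)

def filter_audit_lines(lines):
    """Return the raw log lines to keep, dropping only autocommit toggles."""
    kept = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            kept.append(line)  # never silently drop a record that cannot be parsed
            continue
        if isinstance(record, dict) and is_suppressed(record):
            continue
        kept.append(line)
    return kept

# Constructed sample records, shortened from the format shown in the issue.
SAMPLE = [
    '{"msg-type":"activity","user":"myuser","cmd":"set_option","query":"SET autocommit=1"}',
    '{"msg-type":"activity","user":"myuser","cmd":"set_option","query":"set AUTOCOMMIT = 0;"}',
    '{"msg-type":"activity","user":"myuser","cmd":"set_option","query":"SET autocommit=1, sql_mode=\'\'"}',
    '{"msg-type":"activity","user":"myuser","cmd":"set_option","query":"SET sql_mode=\'\'"}',
    '{"msg-type":"activity","user":"myuser","cmd":"select","query":"SELECT 1"}',
    '{"msg-type":"activity","user":"myuser","cmd":"set_opt',  # truncated record
]

if __name__ == "__main__":
    for kept_line in filter_audit_lines(SAMPLE):
        print(kept_line)
```

Matching on the full statement rather than on a substring keeps any set_option event that changes another variable alongside autocommit in the filtered log.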