'\" t
.\" Title: \fBmysqlauditadmin\fR
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\" Date: 08/30/2013
.\" Manual: MySQL Utilities
.\" Source: MySQL 1.3.4
.\" Language: English
.\"
.TH "\FBMYSQLAUDITADMIN\F" "1" "08/30/2013" "MySQL 1\&.3\&.4" "MySQL Utilities"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.\" mysqlauditadmin
.\" utilities: mysqlauditadmin
.\" scripts
.SH "NAME"
mysqlauditadmin \- Maintain the audit log
.SH "SYNOPSIS"
.\".HP \w'\fBmysqlauditadmin\ [\fR\fB\fIOPTIONS\fR\fR\fB]\&.\&.\&.\ \fR\fBmysqlauditadmin\ [\fR\fB\fIOPTIONS\fR\fR\fB]\&.\&.\&.\ [\fR\fB\fICOMMAND\fR\fR\fB]\fR\fBmysqlauditadmin\ l=\fR\fB\fIuser:pass@host:port\fR\fR\fB\ [\fR\fB\fIOPTIONS\fR\fR\fB]\&.\&.\&.\ [\fR\fB\fICOMMAND\fR\fR\fB[\-\-value=\fR\fB\fIVALUE\fR\fR\fB]]\fR\fBmysqlauditadmin\ \-\-file\-stats\ \-\-audit\-log\-name=\fR\fB\fIFULL_PATH\fR\fR\fBmysqlauditadmin\ copy\ \-\-audit\-log\-name=\fR\fB\fIFULL_PATH\fR\fR\fB\ \-\-copy\-to=\fR\fB\fIDESTINATION\fR\fR\fB\ [\-\-remote\-login=\fR\fB\fIuser:host\fR\fR\fB]\fR\ 'u
\fBmysqlauditadmin [\fR\fB\fIOPTIONS\fR\fR\fB]\&.\&.\&. \fR
\fBmysqlauditadmin [\fR\fB\fIOPTIONS\fR\fR\fB]\&.\&.\&. [\fR\fB\fICOMMAND\fR\fR\fB]\fR
\fBmysqlauditadmin l=\fR\fB\fIuser:pass@host:port\fR\fR\fB [\fR\fB\fIOPTIONS\fR\fR\fB]\&.\&.\&. [\fR\fB\fICOMMAND\fR\fR\fB[\-\-value=\fR\fB\fIVALUE\fR\fR\fB]]\fR
\fBmysqlauditadmin \-\-file\-stats \-\-audit\-log\-name=\fR\fB\fIFULL_PATH\fR\fR
\fBmysqlauditadmin copy \-\-audit\-log\-name=\fR\fB\fIFULL_PATH\fR\fR\fB \-\-copy\-to=\fR\fB\fIDESTINATION\fR\fR\fB [\-\-remote\-login=\fR\fB\fIuser:host\fR\fR\fB]\fR
.SH "DESCRIPTION"
.PP
This utility allow you to maintain the
\m[blue]\fBaudit log\fR\m[]\&\s-2\u[1]\d\s+2, allowing you to monitor the audit log file growth and control its rotation\&. Rotation refers to the action of replacing the current audit log file by a new one for continuous use, renaming (with a timestamp extension) and copying the previously used audit log file to a defined location\&.
.PP
This utility allows you to view and modify a subset of audit log control variables, display the audit log file status, perform on\-demand rotation of the log file, and copy files to other locations\&. These features enable you to easily monitor the audit log file growth and control its rotation (automatically based on the defined file size threshold, or manually by a on\-demand command)\&.
.PP
The available actions include the following:
.sp
.RS 4
.ie n \{\
\h'-04' 1.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 1." 4.2
.\}
\fBcopy\fR
.sp
This command copies the audit log specified by
\fB\-\-audit\-log\-name\fR
to the destination path specified by
\fB\-\-copy\-to\fR\&. The
\fB\-\-remote\-login\fR
option can be used to copy log files from a remote location\&. Note: the destination path must be locally accessible by the current user\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 2.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 2." 4.2
.\}
\fBpolicy\fR
.sp
The policy command is used to change the audit logging policy\&. The accepted values are the following, which are set using the
\fB\-\-value\fR
option\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
The
\fB\-\-server\fR
option is also required to execute this command\&.
.sp .5v
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ALL: log all events
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NONE: log nothing
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
LOGINS: only log login events
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
QUERIES: only log query events
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
DEFAULT: sets the default log policy
.RE
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 3.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 3." 4.2
.\}
\fBrotate_on_size\fR
.sp
This command sets the file size threshold for automatic rotation of the audit log (the
audit_log_rotate_on_size
variable)\&. The value is set using the
\fB\-\-value\fR
option, and must be in the range (0, 4294967295)\&. This command also requires the
\fB\-\-server\fR
option to be specified\&. Note: if the variable is set with a value that is not a multiple of 4096, then it is truncated to the nearest multiple\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 4.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 4." 4.2
.\}
\fBrotate\fR
.sp
This command is used to perform an on\-demand audit log rotation, and only requires the
\fB\-\-server\fR
option to be passed\&. Note: this command has no effect if the audit log file size is smaller than 4096, which is the minimum value allowed that is greater than 0 for the
audit_log_rotate_on_size variable
variable)\&.
.RE
OPTIONS
.PP
\fBmysqlauditadmin\fR
accepts the following command\-line options:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-audit\-log\-name=
.sp
Full path and file name for the audit log file\&. Used by the
\fB\-\-file\-stats\fR
option, and the
\fIcopy\fR
command\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-copy\-to=
.sp
The location to copy the specified audit log file\&. The path must be locally accessible for the current user\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-file\-stats
.sp
Display the audit log file statistics\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-help
.sp
Display a help message and exit\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-remote\-login=
.sp
User name and host to be used for the remote login, for copying log files\&. It is defined using the following format: <\fIuser\fR>:<\fIhost or IP\fR>\&. Usage will prompt for the password\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-server=
.sp
Connection information for the server in the format: <\fIuser\fR>[:<\fIpasswd\fR>]@<\fIhost\fR>[:<\fIport\fR>][:<\fIsocket\fR>] or <\fIlogin\-path\fR>[:<\fIport\fR>][:<\fIsocket\fR>]\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-show\-options
.sp
Display the audit log system variables\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-value=
.sp
Value used to set variables based on the specified commands, such as
\fIpolicy\fR
and
\fIrotate_on_size\fR\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-server1=
.sp
Connection information for the first server in the format: <\fIuser\fR>[:<\fIpasswd\fR>]@<\fIhost\fR>[:<\fIport\fR>][:<\fIsocket\fR>] or <\fIlogin\-path\fR>[:<\fIport\fR>][:<\fIsocket\fR>]\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-verbose, \-v
.sp
Specify how much information to display\&. Use this option multiple times to increase the amount of information\&. For example,
\fB\-v\fR
= verbose,
\fB\-vv\fR
= more verbose,
\fB\-vvv\fR
= debug\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\-\-version
.sp
Display version information and exit\&.
.RE
NOTES
.PP
This utility is available as of μ 1\&.2\&.0\&.
.PP
This utility can only be applied to servers with the
\m[blue]\fBaudit log plugin enabled\fR\m[]\&\s-2\u[2]\d\s+2\&. And the audit log plugin is available as of MySQL Server versions 5\&.5\&.28 and 5\&.6\&.10\&.
.PP
This utility requires Python version 2\&.6 or higher, but does not support Python 3\&.
.PP
The path to the MySQL client tools should be included in the
PATH
environment variable in order to use the authentication mechanism with login\-paths\&. This will allow the utility to use the
my_print_defaults
tools, which is required to read the login\-path values from the login configuration file (\&.mylogin\&.cnf)\&. This feature exists as of MySQL Server 5\&.6\&.6, see
\m[blue]\fB\fBmysql_config_editor\fR \(em MySQL Configuration Utility\fR\m[]\&\s-2\u[3]\d\s+2\&.
LIMITATIONS
.PP
The
\fB\-\-remote\-login\fR
option is not supported on Microsoft Windows platforms\&. For Microsoft Windows, use
UNC
paths and perform a local copy operation, omitting the
\fB \-\-remote\-login\fR
option\&.
EXAMPLES
.PP
To display the audit log system variables, run the following command:
.sp
.if n \{\
.RS 4
.\}
.nf
$ mysqlauditadmin \-\-show\-options \-\-server=root@localhost:3310
#
# Audit Log Variables and Options
#
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| Variable_name | Value |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| audit_log_buffer_size | 1048576 |
| audit_log_file | audit\&.log |
| audit_log_flush | OFF |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_strategy | ASYNCHRONOUS |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.PP
To perform a (manual) rotation of the audit log file, use the following command:
.sp
.if n \{\
.RS 4
.\}
.nf
shell> mysqlauditadmin \-\-server=root@localhost:3310 rotate
#
# Executing ROTATE command\&.
#
.fi
.if n \{\
.RE
.\}
.PP
To display the audit log file statistics, run the following command:
.sp
.if n \{\
.RS 4
.\}
.nf
shell> mysqlauditadmin \-\-file\-stats \-\-audit\-log\-name=\&.\&./SERVER/data/audit\&.log
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| File | Size | Created | Last Modified |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| audit\&.log | 3258 | Wed Sep 26 11:07:43 2012 | Wed Sep 26 11:07:43 2012 |
| audit\&.log\&.13486539046497235 | 47317 | Wed Sep 26 11:05:04 2012 | Wed Sep 26 11:05:04 2012 |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.PP
To change the audit log policy to log only query events, and show the system variables before and after the execution of the
\fIpolicy\fR
command, use the following command:
.sp
.if n \{\
.RS 4
.\}
.nf
shell> mysqlauditadmin \-\-show\-options \-\-server=root@localhost:3310 policy \e
\-\-value=QUERIES
#
# Showing options before command\&.
#
# Audit Log Variables and Options
#
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| Variable_name | Value |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| audit_log_buffer_size | 1048576 |
| audit_log_file | audit\&.log |
| audit_log_flush | OFF |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_strategy | ASYNCHRONOUS |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
#
# Executing POLICY command\&.
#
#
# Showing options after command\&.
#
# Audit Log Variables and Options
#
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| Variable_name | Value |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| audit_log_buffer_size | 1048576 |
| audit_log_file | audit\&.log |
| audit_log_flush | OFF |
| audit_log_policy | QUERIES |
| audit_log_rotate_on_size | 0 |
| audit_log_strategy | ASYNCHRONOUS |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.PP
To change the audit log automatic file rotation size to 32535, and show the system variables before and after the execution of the
\fIrotate_on_size\fR
command, use the following command\&. (Notice that the value set is actually 28672 because the specified rotate_on_size value is truncated to a multiple of 4096):
.sp
.if n \{\
.RS 4
.\}
.nf
shell> mysqlauditadmin \-\-show\-options \-\-server=root@localhost:3310 rotate_on_size \e
\-\-value=32535
#
# Showing options before command\&.
#
# Audit Log Variables and Options
#
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| Variable_name | Value |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| audit_log_buffer_size | 1048576 |
| audit_log_file | audit\&.log |
| audit_log_flush | OFF |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 0 |
| audit_log_strategy | ASYNCHRONOUS |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
#
# Executing ROTATE_ON_SIZE command\&.
#
#
# Showing options after command\&.
#
# Audit Log Variables and Options
#
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| Variable_name | Value |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| audit_log_buffer_size | 1048576 |
| audit_log_file | audit\&.log |
| audit_log_flush | OFF |
| audit_log_policy | ALL |
| audit_log_rotate_on_size | 28672 |
| audit_log_strategy | ASYNCHRONOUS |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.PP
To perform a copy of a audit log file to another location, use the following command:
.sp
.if n \{\
.RS 4
.\}
.nf
shell> mysqlauditadmin \-\-audit\-log\-name=\&.\&./SERVER/data/audit\&.log\&.13486539046497235 \e
copy \-\-copy\-to=/BACKUP/Audit_Logs
.fi
.if n \{\
.RE
.\}
.PP
To copy a audit log file from a remote server/location to the current location (user password will be prompted), use the following command:
.sp
.if n \{\
.RS 4
.\}
.nf
shell> mysqlauditadmin \-\-audit\-log\-name=audit\&.log\&.13486539046497235 \e
copy \-\-remote\-login=user:host \-\-copy\-to=\&.
.fi
.if n \{\
.RE
.\}
.SH "COPYRIGHT"
.br
.SH "NOTES"
.IP " 1." 4
audit log
.RS 4
\%http://dev.mysql.com/doc/refman/5.6/en/audit-log-plugin.html
.RE
.IP " 2." 4
audit log plugin enabled
.RS 4
\%http://dev.mysql.com/doc/refman/5.6/en/audit-log-plugin-installation.html
.RE
.IP " 3." 4
\fBmysql_config_editor\fR \(em MySQL Configuration Utility
.RS 4
\%http://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html
.RE
.SH "SEE ALSO"
For more information, please refer to the MySQL Utilities section
of the MySQL Workbench Reference Manual, which is available online
at http://dev.mysql.com/doc/workbench/en/.
.SH AUTHOR
Oracle Corporation (http://dev.mysql.com/).