Provided by: mysql-utilities_1.6.4-1_all bug

NAME

       mysqlauditadmin - Maintain the audit log

SYNOPSIS

       mysqlauditadmin [OPTIONS]...  mysqlauditadmin [OPTIONS]... [COMMAND] mysqlauditadmin
       l=user:pass@host:port [OPTIONS]... [COMMAND[--value=VALUE]] mysqlauditadmin --file-stats
       --audit-log-name=FULL_PATH mysqlauditadmin copy --audit-log-name=FULL_PATH
       --copy-to=DESTINATION [--remote-login=user:host]

DESCRIPTION

       This utility allows you to maintain the audit log including the ability to view and modify
       a subset of audit log control variables, display the audit log file status, perform
       on-demand rotation of the log file, and copy files to other locations. These features
       enable you to easily monitor the audit log file growth and control its rotation
       (automatically based on the defined file size threshold, or manually by a on-demand
       command).

       Rotation refers to the action of replacing the current audit log file by a new one for
       continuous use, renaming (with a timestamp extension) and copying the previously used
       audit log file to a defined location for archival purposes.

       The available actions include the following:

       •   copy

           This command copies the audit log specified by --audit-log-name to the destination
           path specified by --copy-to. The --remote-login option can be used to copy log files
           from a remote location. Note: the destination path must be locally accessible by the
           current user.

       •   policy

           The policy command is used to change the audit logging policy. The accepted values
           include the following, which are set using the --value option.

               Note
               The --server option is also required to execute this command.

               Starting from MySQL server 5.6.20 and 5.7.5, the value is read only for the
               audit_log_policy variable. MySQL server 5.7.9 introduced two new variables:
               audit_log_connection_policy and audit_log_statement_policy whose values are
               determined based on the presence and value of the audit_log_policy startup
               variable. See the MySQL reference manual for more information about how the policy
               variables are set. These changes are supported starting from MySQL Utilities
               1.5.2.

           •   ALL: log all events

           •   NONE: log nothing

           •   LOGINS: only log login events

           •   QUERIES: only log query events

           •   DEFAULT: sets the default log policy

       •   rotate_on_size

           This command sets the file size threshold for automatic rotation of the audit log (the
           audit_log_rotate_on_size variable). The value is set using the --value option, and
           must be in the range (0, 4294967295). This command also requires the --server option
           to be specified. Note: if the variable is set with a value that is not a multiple of
           4096, then it is truncated to the nearest multiple.

       •   rotate

           This command is used to perform an on-demand audit log rotation, and only requires the
           --server option to be passed. Note: this command has no effect if the audit log file
           size is smaller than 4096, which is the minimum value allowed that is greater than 0
           for the audit_log_rotate_on_size variable).
       OPTIONS.PP mysqlauditadmin accepts the following command-line options:

       •   --audit-log-name=<AUDIT_LOG_FILE>

           Full path and filename for the audit log file. Used by the --file-stats option, and
           the copy command.

       •   --copy-to=<COPY_DESTINATION>

           The location to copy the specified audit log file. The path must be locally accessible
           for the current user.

       •   --file-stats

           Display the audit log file statistics.

       •   --help

           Display a help message and exit.

       •   --license

           Display license information and exit.

       •   --remote-login=<REMOTE_LOGIN>

           User name and host to be used for the remote login, for copying log files. It is
           defined using the following format: <user>:<host or IP>. Usage will prompt for the
           password.

       •   --server=<SERVER>

           Connection information for the server.

           To connect to a server, it is necessary to specify connection parameters such as the
           user name, host name, password, and either a port or socket. MySQL Utilities provides
           a number of ways to supply this information. All of the methods require specifying
           your choice via a command-line option such as --server, --master, --slave, etc. The
           methods include the following in order of most secure to least secure.

           •   Use login-paths from your .mylogin.cnf file (encrypted, not visible). Example :
               <login-path>[:<port>][:<socket>]

           •   Use a configuration file (unencrypted, not visible) Note: available in
               release-1.5.0. Example : <configuration-file-path>[:<section>]

           •   Specify the data on the command-line (unencrypted, visible). Example :
               <user>[:<passwd>]@<host>[:<port>][:<socket>]

       •   --show-options

           Display the audit log system variables.

       •   --ssl-ca

           The path to a file that contains a list of trusted SSL CAs.

       •   --ssl-cert

           The name of the SSL certificate file to use for establishing a secure connection.

       •   --ssl-cert

           The name of the SSL key file to use for establishing a secure connection.

       •   --ssl

           Specifies if the server connection requires use of SSL. If an encrypted connection
           cannot be established, the connection attempt fails. Default setting is 0 (SSL not
           required).

       •   --value=<VALUE>

           Value used to set variables based on the specified commands, such as policy and
           rotate_on_size.

       •   --verbose, -v

           Specify how much information to display. Use this option multiple times to increase
           the amount of information. For example, -v = verbose, -vv = more verbose, -vvv =
           debug.

       •   --version

           Display version information and exit.
       NOTES.PP This utility can only be applied to servers with the audit log plugin enabled.
       And the audit log plugin is available as of MySQL Server versions 5.5.28 and 5.6.10.

       This utility requires Python version 2.6 or higher, but does not support Python 3.

       The path to the MySQL client tools should be included in the PATH environment variable in
       order to use the authentication mechanism with login-paths. This will allow the utility to
       use the my_print_defaults tools, which is required to read the login-path values from the
       login configuration file (.mylogin.cnf). This feature exists as of MySQL Server 5.6.6, see
       mysql_config_editor — MySQL Configuration Utility[1].

       Changes to MySQL Enterprise Audit are not documented here, so your output might be
       different than the examples shown. For example, a new (or removed) MySQL Enterprise Audit
       option might affect the output.  LIMITATIONS.PP The --remote-login option is not supported
       on Microsoft Windows platforms. For Microsoft Windows, use UNC paths and perform a local
       copy operation, omitting the
        --remote-login option.  EXAMPLES.PP To display the audit log system variables, run the
       following command:

           shell> mysqlauditadmin --show-options --server=root@localhost:3310
           #
           # Showing options after command.
           #
           # Audit Log Variables and Options
           #
           +------------------------------+---------------+
           | Variable_name                | Value         |
           +------------------------------+---------------+
           | audit_log_buffer_size        | 1048576       |
           | audit_log_connection_policy  | NONE          |
           | audit_log_current_session    | ON            |
           | audit_log_exclude_accounts   |               |
           | audit_log_file               | audit.log     |
           | audit_log_flush              | OFF           |
           | audit_log_format             | OLD           |
           | audit_log_include_accounts   |               |
           | audit_log_policy             | ALL           |
           | audit_log_rotate_on_size     | 0             |
           | audit_log_statement_policy   | ALL           |
           | audit_log_strategy           | ASYNCHRONOUS  |
           +------------------------------+---------------+

       To perform a (manual) rotation of the audit log file, use the following command:

           shell> mysqlauditadmin --server=root@localhost:3310 rotate
           #
           # Executing ROTATE command.
           #

       To display the audit log file statistics, run the following command:

           shell> mysqlauditadmin --file-stats --audit-log-name=../SERVER/data/audit.log
             +------------------------------+--------+---------------------------+---------------------------+
             | File                         | Size   | Created                   | Last Modified             |
             +------------------------------+--------+---------------------------+---------------------------+
             | audit.log                    | 3258   | Wed Sep 26 11:07:43 2012  | Wed Sep 26 11:07:43 2012  |
             | audit.log.13486539046497235  | 47317  | Wed Sep 26 11:05:04 2012  | Wed Sep 26 11:05:04 2012  |
             +------------------------------+--------+---------------------------+---------------------------+

       To change the audit log policy to log only query events, and show the system variables
       before and after the execution of the policy command, use the following command:

           shell> mysqlauditadmin --show-options --server=root@localhost:3310 policy \
                  --value=QUERIES
           #
           # Showing options before command.
           #
           # Audit Log Variables and Options
           #
           +------------------------------+---------------+
           | Variable_name                | Value         |
           +------------------------------+---------------+
           | audit_log_buffer_size        | 1048576       |
           | audit_log_connection_policy  | ALL           |
           | audit_log_current_session    | ON            |
           | audit_log_exclude_accounts   |               |
           | audit_log_file               | audit.log     |
           | audit_log_flush              | OFF           |
           | audit_log_format             | OLD           |
           | audit_log_include_accounts   |               |
           | audit_log_policy             | ALL           |
           | audit_log_rotate_on_size     | 0             |
           | audit_log_statement_policy   | ALL           |
           | audit_log_strategy           | ASYNCHRONOUS  |
           +------------------------------+---------------+
           #
           # Executing POLICY command.
           #
           #
           # Showing options after command.
           #
           # Audit Log Variables and Options
           #
           +------------------------------+---------------+
           | Variable_name                | Value         |
           +------------------------------+---------------+
           | audit_log_buffer_size        | 1048576       |
           | audit_log_connection_policy  | NONE          |
           | audit_log_current_session    | ON            |
           | audit_log_exclude_accounts   |               |
           | audit_log_file               | audit.log     |
           | audit_log_flush              | OFF           |
           | audit_log_format             | OLD           |
           | audit_log_include_accounts   |               |
           | audit_log_policy             | ALL           |
           | audit_log_rotate_on_size     | 0             |
           | audit_log_statement_policy   | ALL           |
           | audit_log_strategy           | ASYNCHRONOUS  |
           +------------------------------+---------------+

       To change the audit log automatic file rotation size (audit_log_rotate_on_size) to 32535,
       and show the system variables before and after the execution of the rotate_on_size
       command, use the following command. (Notice that the value set is actually 28672 because
       the specified rotate_on_size value is truncated to a multiple of 4096):

           shell> mysqlauditadmin --show-options --server=root@localhost:3310 rotate_on_size \
                  --value=32535
           #
           # Showing options before command.
           #
           # Audit Log Variables and Options
           #
           +------------------------------+---------------+
           | Variable_name                | Value         |
           +------------------------------+---------------+
           | audit_log_buffer_size        | 1048576       |
           | audit_log_connection_policy  | ALL           |
           | audit_log_current_session    | ON            |
           | audit_log_exclude_accounts   |               |
           | audit_log_file               | audit.log     |
           | audit_log_flush              | OFF           |
           | audit_log_format             | OLD           |
           | audit_log_include_accounts   |               |
           | audit_log_policy             | ALL           |
           | audit_log_rotate_on_size     | 0             |
           | audit_log_statement_policy   | ALL           |
           | audit_log_strategy           | ASYNCHRONOUS  |
           +------------------------------+---------------+
           #
           # Executing POLICY command.
           #
           #
           # Showing options after command.
           #
           # Audit Log Variables and Options
           #
           +------------------------------+---------------+
           | Variable_name                | Value         |
           +------------------------------+---------------+
           | audit_log_buffer_size        | 1048576       |
           | audit_log_connection_policy  | NONE          |
           | audit_log_current_session    | ON            |
           | audit_log_exclude_accounts   |               |
           | audit_log_file               | audit.log     |
           | audit_log_flush              | OFF           |
           | audit_log_format             | OLD           |
           | audit_log_include_accounts   |               |
           | audit_log_policy             | ALL           |
           | audit_log_rotate_on_size     | 28672         |
           | audit_log_statement_policy   | ALL           |
           | audit_log_strategy           | ASYNCHRONOUS  |
           +------------------------------+---------------+

       To perform a copy of a audit log file to another location, use the following command:

           shell> mysqlauditadmin --audit-log-name=../SERVER/data/audit.log.13486539046497235 \
                  copy --copy-to=/BACKUP/Audit_Logs

       To copy a audit log file from a remote server/location to the current location (user
       password will be prompted), use the following command:

           shell> mysqlauditadmin --audit-log-name=audit.log.13486539046497235 \
                  copy --remote-login=user:host --copy-to=.

       PERMISSIONS REQUIRED.PP The user must have permissions to read the audit log file(s) on
       disk and write the file(s) to the remote location.

COPYRIGHT

       Copyright © 2006, 2016, Oracle and/or its affiliates. All rights reserved.

       This documentation is free software; you can redistribute it and/or modify it only under
       the terms of the GNU General Public License as published by the Free Software Foundation;
       version 2 of the License.

       This documentation is distributed in the hope that it will be useful, but WITHOUT ANY
       WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with the program;
       if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
       Boston, MA 02110-1301 USA or see http://www.gnu.org/licenses/.

NOTES

        1. mysql_config_editor — MySQL Configuration Utility
           http://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html

SEE ALSO

       For more information, please refer to the MySQL Utilities and Fabric documentation, which
       is available online at http://dev.mysql.com/doc/index-utils-fabric.html

AUTHOR

       Oracle Corporation (http://dev.mysql.com/).