%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /backups/router/usr/local/share/syslog-ng/include/scl/mariadb/
Upload File :
Create Path :
Current File : //backups/router/usr/local/share/syslog-ng/include/scl/mariadb/audit.conf

#############################################################################
# Copyright (c) 2022 CC-IN2P3
# Copyright (c) 2022 Fabien Wernli
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# Parse mysql/mariadb audit log
#
# See https://mariadb.com/kb/en/mariadb-audit-plugin/
# To enable mariadb/mysql audit logging follow instructions
# Make sure server_audit_output_type is set to 'syslog'
#
# Format is [timestamp][syslog_host][syslog_ident]:[syslog_info][serverhost],[username],[host],[connectionid],[queryid],[operation],[database],[object],[retcode]
# See https://mariadb.com/kb/en/mariadb-audit-plugin-log-format/
#
# Example logs:
# <190>Apr 13 14:43:13 mysql-server_auditing:  columnstore-1 eff8a68bcd7f,user1,172.18.0.1,32,394,QUERY,syslog_ng,'SELECT * FROM test WHERE 0=1',1146
# <190>Sep 14 17:46:51 centos mysql-server_auditing: columnstore-1 centos,root,localhost,11,117,QUERY,loans,'SELECT grade, AVG(loan_amnt) avg,FROM loanstats GROUP BY grade ORDER BY grade',0
# <190>Apr 29 13:56:36 mysql-server_auditing: docker eff8a68bcd7f,root,172.18.0.3,13,0,CONNECT,,,0
# <190>Apr 29 13:56:32 mysql-server_auditing: docker eff8a68bcd7f,root,172.18.0.3,12,0,FAILED_CONNECT,,,1045
# <190>Apr 29 13:56:16 mysql-server_auditing: docker eff8a68bcd7f,user1,172.18.0.3,11,58,QUERY,syslog_ng,'insert into test (date, host, program, message) VALUES(\'Apr 29 15:55:24\', \'locohost\', \'test-program\', \'foo fighters bar baz\')',0
#

block parser mariadb-audit-parser(prefix('.mariadb.') template("$MESSAGE")) {
    channel {
        parser {
            csv-parser(
                columns(
                    '`prefix`serverhost',
                    '`prefix`username',
                    '`prefix`host',
                    '`prefix`connectionid',
                    '`prefix`queryid',
                    '`prefix`operation',
                    '`prefix`database',
                    '`prefix`object',
                    '`prefix`retcode'
                ),
                delimiters(','),
                template(`template`),
                flags(
                    greedy,
                    drop-invalid,
                    escape-backslash
                ),
                quote-pairs("''")
            );
        };
        parser {
            regexp-parser(prefix(`prefix`) patterns('^\s*(?<syslog_info>\S*?)(?: )?(?<serverhost>\S+)$') template('${`prefix`serverhost}'));
        };
    };
};

Zerion Mini Shell 1.0