TessellAPIsLabsFAQsBlogsVideos

Percona Audit Plugin

Tessell offers an audit log plugin for MySQL Community edition based on open source Percona Server Audit Plugin. This provides comprehensive tracking of database user activities including connections, queries, and data modifications to help meet compliance and auditing requirements. The audit logs are stored in a log file on each database node.

Audit Log Settings

Tessell supports the following audit log parameters for the Percona Audit Plugin. For detailed parameter descriptions, refer to Percona Audit Plugin Variables documentation.

Parameter Setting
Default Value
Valid Values
Description

audit_log_strategy

ASYNCHRONOUS

ASYNCHRONOUS, PERFORMANCE, SEMISYNCHRONOU, SYNCHRONOUS

Defines logging method. It is a static parameter.

audit_log_buffer_size

1048576

4096 - 18446744073709547520

Size of memory buffer used in ASYNCHRONOUS or PERFORMANCE modes (in bytes). It is a static parameter.

audit_log_format

JSON

OLD, NEW, CSV, JSON

This variable is used to specify the audit log format. It is a static parameter.

audit_log_exclude_accounts

"rep_user@%,'root'@'localhost','tessell_monitor'@'%'"

Excludes specified user accounts; exclusive with include_accounts. It is a dynamic parameter.

audit_log_exclude_databases

Excludes specified databases; exclusive with include_databases. It is a dynamic parameter.

audit_log_policy

ALL

ALL, LOGINS, QUERIES, NONE

Determines the type of events to log. It is a dynamic parameter.

audit_log_rotations

10

0-100

Specifies how many rotated logs to keep. It is a static parameter.

audit_log_rotate_on_size

10485760

0-18446744073709551615

Log rotates when reaching this size. It is a dynamic parameter.

MySQL Audit Plugin Support Matrix

Tessell-managed MySQL Database
Supported via Option Profile?

MySQL Community Edition 8.0

✅ Yes

MySQL Community Edition 8.4

❌ No

MySQL Community Edition 5.7

❌ No

Enabling Percona Audit Plugin

You can enable the Percona Audit Plugin on a MySQL DB instance using an Option Profile. When enabled, Tessell automatically reboots the DB instance, so it is recommended to perform this action during a maintenance window or low-traffic period.

When applied to a DB cluster, the option profile is propagated to all nodes (Primary, HA, RR, and DR).

Steps to enable Percona Audit Plugin

  1. Sign in to the Tessell Console.

  2. From the left navigation pane, go to Governance and open the DB Governance App.

  3. Go to the Options tab from the menu.

  4. Click Create to create a new option profile.

  5. In the Source details section:

    1. DB Engine : Choose MySQL from dropdown menu

    2. Version : Choose 8.0

    3. Profile Name : Provide a unique option profile name

    4. Description (Optional): A brief description of the option profile.

  6. In Option Section:

    1. Click Option Settings and it opens a pop up window to configure audit parameter settings.

    2. Change the settings of your desired parameters..

    3. Click Submit to save the changes.

  7. Click Create button to begin the creation of option profile with audit log enabled.

  8. After it is created, open the My Services App from the DB Services section in the left navigation pane.

  9. Choose your DB service for which you want to enable Percona Audit Log Plugin.

  10. Click on “︙” Icon in the right side of the pane and choose Change Option Profile from the menu.

  11. In the Option profile dropdown, choose your newly created Option profile.

  12. Provide your consent to apply this change immediately by checking the box and hitting the Apply button.

  13. Tessell automatically reboots the db instance when you attach the option profile. After the option profile is associated with the DB instance, you should see status as “In-sync” for Option profile in the Instance tab of your DB service.

Modifying Percona Audit Plugin Settings

After you enable the Percona Audit Plugin, you can modify the settings. You can only modify parameter values in a custom-created option profile; you cannot change the parameter values in a default option profile.

When you modify dynamic parameters, changes are applied to DB instances immediately without a reboot. Static parameters require a database restart, which Tessell automatically performs reboot of the DB instance.

To modify parameters in Option profile:

  1. Sign in to the Tessell Console.

  2. From the left navigation pane, go to Governance and open the DB Governance App.

  3. Go to the Options tab from the menu.

  4. Select your option profile from the list.

  5. Click on Option Settings in Percona Audit Plugin.

    1. Modify your desired parameters.

    2. Click Submit to save the changes.

  6. Click Save button to begin the modification of the DB instance associated with the option profile.

Disabling Percona Audit Plugin

Tessell does not support disabling Percona Audit logging directly. However, you may contact Tessell Support to have the plugin removed from the DB instance. Removing the Percona Audit Plugin requires a database restart to stop auditing.

Viewing and Download Audit Logs

Audit logs can be viewed at the individual node level, with support for time-based filtering.

Steps to View and download Audit Logs

  1. Sign in to the Tessell Console.

  2. From the left navigation pane, go to DB Services and open the My Services App.

  3. Choose your MySQL DB service for which you want to check the database audit log.

  4. Go to the Logs tab from the menu.

  5. Select the mysql_audit_log in MySQL Log section from the left navigation menu to view the audit logs.

  6. You can also download the logs to your local by clicking the Download button.

  7. A .zip file is generated based on your selected log and time window.

  8. Save the file to your local machine.

PreviousOption for MySQLNextMySQL Support Matrix

Last updated

Was this helpful?