Bug #60782 Audit plugin API: no MYSQL_AUDIT_GENERAL_LOG notifications with general log off
Submitted: 6 Apr 2011 17:05 Modified: 19 Aug 2014 15:06
Reporter: Olle Nilsson Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: General Severity:S4 (Feature request)
Version:5.5 OS:Any
Assigned to: CPU Architecture:Any
Tags: Audit plugin, MYSQL_AUDIT_GENERAL_LOG

[6 Apr 2011 17:05] Olle Nilsson
Description:
When writing audit plugins it is not possible to get notifications for general-log events without enabling the general-log.

As described here:
http://dev.mysql.com/doc/refman/5.5/en/writing-audit-plugins.html
audit notifications only occurs for MYSQL_AUDIT_GENERAL_LOG events with the general_log enabled. It would presumably be more useful for those notifications to be generated regardless of the general_log being enabled or not. 

A short discussion on this can be found here (see the 2 comments):
http://karlssonondatabases.blogspot.com/2010/03/more-on-mysql-audit-plugin-interface.html

How to repeat:
It is documented behavior.

Suggested fix:
Perhaps as described in the linked blogpost:
Have the general_log variables have 3 values (ON, AUDIT_ONLY and OFF).
[14 Apr 2011 17:01] Valeriy Kravchuk
Thank you for the feature request.
[19 Aug 2014 15:06] Paul DuBois
Noted in 5.7.5 changelog.

Notification of events for the general log were received by the audit
log plugin only of the general query log was enabled. Now
notifications are posted regardless of whether the general query log
is enabled.
[16 Feb 2015 18:37] Paul DuBois
Noted in 5.6.24 changelog.
[13 Mar 2015 12:53] Paul DuBois
Removed from 5.6.24 changelog.
[20 Mar 2015 13:48] Paul DuBois
Noted in 5.6.24 changelog.
[27 Apr 2015 14:32] Laurynas Biveinis
commit 38dcb9fb00d5cb1a398977edc56fa0f454037498
Author: Kristofer Pettersson <kristofer.pettersson@oracle.com>
Date:   Tue Mar 17 13:59:31 2015 +0100

    Bug #20536590: BACKPORT BUG #12368204 AND BUG #16953758 TO MYSQL-5.6
    
    Backported the fixes.
    Partially backported the fix for bug #19463877 too :
    the part about different audit events count for the different
    protocols.
    Changed the strategy of the original fix to account for the lack
    of the changes done in WL#6613 as follows:
    Instead of mixing the calls to the audit log API by calling them
    both outside of the general log hooks and inside some
    moved all audit log API calls inside the general log hooks but
    before any checks to the general log options. Made sure that the
    general log hooks are called regardless of the value of the
    general log option and moved all checking of it inside the
    hooks.
    Changed the binary log calles used by the prepared statement
    code to use the convenience hooks instead of directly calling the
    LOGGER functions. Ensured that prepared statements pass down the
    query text.
    Getting it from the THD is not correct for prepared statements.
    ** Added an extra test file that tests firewall with general log off.