Bug #68891 mysqlauditgrep --query-type filter reports false positives
Submitted: 8 Apr 2013 21:29
Modified: 11 Jul 2013 3:18
Reporter: Todd Farmer (OCA)
Status: Closed
Category: MySQL Utilities
Severity: S3 (Non-critical)
Version: 1.3.0
OS: Any
Assigned to:
CPU Architecture: Any

[8 Apr 2013 21:29] Todd Farmer
Description:
mysqlauditgrep doesn't truly identify the query type, but instead looks for certain keywords, leading to false positives:
C:\Program Files\MySQL\MySQL Utilities>mysqlauditgrep --query-type=SELECT d:\mysql-advanced-5.6.10-win32\data\audit.log
+---------+----------------------+----------+-------------------------------------------------------------------------------------------------------------+----------------+
| STATUS  | TIMESTAMP            | NAME     | SQLTEXT                                                                                                     | CONNECTION_ID  |
+---------+----------------------+----------+-------------------------------------------------------------------------------------------------------------+----------------+
| 0       | 2013-04-08T21:22:55  | Query    | create table select_one (a INT)                                                                             | 9              |
| 0       | 2013-04-08T21:22:57  | Query    | /* test */ drop table /* nothing */ select_one                                                              | 9              |
+---------+----------------------+----------+-------------------------------------------------------------------------------------------------------------+----------------+

How to repeat:
This is true for identifiers as well as string literals in commands - mysqlauditgrep's --query-type option simply needs additional sophistication to be able to meaningfully identify significant false positives.  Ideally, the audit log source itself would provide this level of detail.

Suggested fix:
Eliminate false positives in mysqlauditgrep's --query-type filtering.
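
Added example, not part of the original report and not MySQL Utilities code or the fix that shipped: a Python sketch contrasting keyword matching (an assumed approximation of the behaviour described above) with classifying each statement by its first keyword after leading comments. All function names are hypothetical; the first two sample statements come from the report and the rest are constructed.

```python
import re

# Leading whitespace, /* ... */ block comments and "-- " / "#" line comments.
# MySQL executable comments (/*! ... */) are not skipped, because the server
# runs their contents; such statements classify as None (unknown).
_LEADING_NOISE = re.compile(
    r"(?:\s+|/\*(?!!).*?\*/|--(?:[ \t][^\n]*)?(?:\n|$)|#[^\n]*(?:\n|$))*",
    re.DOTALL,
)
_FIRST_WORD = re.compile(r"[A-Za-z_]+")

def keyword_match(sql, query_type):
    """Assumed pre-fix behaviour: the keyword appears anywhere in the text."""
    return query_type.lower() in sql.lower()

def statement_type(sql):
    """Return the first keyword after comments and opening parentheses."""
    pos = 0
    while True:
        pos = _LEADING_NOISE.match(sql, pos).end()
        if pos < len(sql) and sql[pos] == "(":
            pos += 1          # e.g. "(SELECT 1) UNION (SELECT 2)"
        else:
            break
    word = _FIRST_WORD.match(sql, pos)
    return word.group(0).upper() if word else None

def type_match(sql, query_type):
    return statement_type(sql) == query_type.upper()

def filter_by_type(statements, query_type, matcher):
    return [s for s in statements if matcher(s, query_type)]

SAMPLE = [
    "create table select_one (a INT)",                      # from the report
    "/* test */ drop table /* nothing */ select_one",       # from the report
    "INSERT INTO notes VALUES ('please select a row')",     # constructed
    "/* report */ SELECT a FROM select_one",                # constructed
    "-- nightly\n(select 1) union (select 2)",              # constructed
]

if __name__ == "__main__":
    for name, matcher in (("keyword", keyword_match), ("type", type_match)):
        print(name, filter_by_type(SAMPLE, "SELECT", matcher))
```

For audit review this matters in both directions: keyword matching buries the real SELECT statements among DDL and DML that merely mention the word, and a filter used to exclude a type would hide unrelated statements the same way.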

[11 Jul 2013 3:18] Philip Olson
Fixed as of MySQL Utilities 1.2.4/1.3.3, and here's the changelog entry:

The "mysqlauditgrep" utility option "--query-type" was improved to avoid
false positives.

Thank you for the bug report.