Description:
In sql/sql_acl.cc, we have the following code:
general_log_print(thd, command, "%s@%s as %s on %s", ...);
However, general_log_print does not forward that information to the audit plugin. The offending code below:
bool general_log_print(THD *thd, enum enum_server_command command,
const char *format, ...)
{
...
if (! logger.log_command(thd, command, "", 0))
return FALSE;
...
}
Because the call to mysql_audit_general_log is inside LOGGER::log_command, the audit event does not contain information about who is connecting. This information should be present.
How to repeat:
Look at a audit event during a LOG connect event. Notice that the "query" field is empty.
Suggested fix:
Forward the information needed.
Note that this is not a problem in 5.7 because the call to mysql_audit_general_log was moved out of LOGGER::log_command. This is another possible fix.
Description: In sql/sql_acl.cc, we have the following code: general_log_print(thd, command, "%s@%s as %s on %s", ...); However, general_log_print does not forward that information to the audit plugin. The offending code below: bool general_log_print(THD *thd, enum enum_server_command command, const char *format, ...) { ... if (! logger.log_command(thd, command, "", 0)) return FALSE; ... } Because the call to mysql_audit_general_log is inside LOGGER::log_command, the audit event does not contain information about who is connecting. This information should be present. How to repeat: Look at a audit event during a LOG connect event. Notice that the "query" field is empty. Suggested fix: Forward the information needed. Note that this is not a problem in 5.7 because the call to mysql_audit_general_log was moved out of LOGGER::log_command. This is another possible fix.