Skip to content

Audit Log Filter format - XML (old style)

The old style XML format uses <AUDIT> tag as the root element and adds the </AUDIT> tag when the file closes. Each audited event is contained in an element.

The order of the attributes within an can vary. Certain attributes are in every element. Other attributes are optional and depend on the type of audit record.

<?xml version="1.0" encoding="utf-8"?>
<AUDIT>
  <AUDIT_RECORD
    NAME="Audit"
    RECORD_ID="0_2023-03-29T11:15:52"
    TIMESTAMP="2023-03-29T11:15:52"
    SERVER_ID="1"/>
  <AUDIT_RECORD
    NAME="Command Start"
    RECORD_ID="1_2023-03-29T11:15:53"
    TIMESTAMP="2023-03-29T11:15:53"
    STATUS="0"
    CONNECTION_ID="1"
    COMMAND_CLASS="query"/>
  <AUDIT_RECORD
    NAME="Query"
    RECORD_ID="2_2023-03-29T11:15:53"
    TIMESTAMP="2023-03-29T11:15:53"
    COMMAND_CLASS="create_table"
    CONNECTION_ID="11"
    HOST="localhost"
    IP=""
    USER="root[root] @ localhost []"
    OS_LOGIN=""
    SQLTEXT="CREATE TABLE t1 (c1 INT)"
    STATUS="0"/>
  <AUDIT_RECORD
    NAME="Query Start"
    RECORD_ID="3_2023-03-29T11:15:53"
    TIMESTAMP="2023-03-29T11:15:53"
    STATUS="0"
    CONNECTION_ID="11"
    COMMAND_CLASS="create_table"
    SQLTEXT="CREATE TABLE t1 (c1 INT)"/>
  <AUDIT_RECORD
    NAME="Query Status End"
    RECORD_ID="4_2023-03-29T11:15:53"
    TIMESTAMP="2023-03-29T11:15:53"
    STATUS="0"
    CONNECTION_ID="11"
    COMMAND_CLASS="create_table"
    SQLTEXT="CREATE TABLE t1 (c1 INT)"/>
  <AUDIT_RECORD
    NAME="Query"
    RECORD_ID="5_2023-03-29T11:15:53"
    TIMESTAMP="2023-03-29T11:15:53"
    COMMAND_CLASS="create_table"
    CONNECTION_ID="11"
    HOST="localhost"
    IP=""
    USER="root[root] @ localhost []"
    OS_LOGIN=""
    SQLTEXT="CREATE TABLE t1 (c1 INT)"
    STATUS="0"/>
  <AUDIT_RECORD
    NAME="Command End"
    RECORD_ID="6_2023-03-29T11:15:53"
    TIMESTAMP="2023-03-29T11:15:53"
    STATUS="0"
    CONNECTION_ID="1"
    COMMAND_CLASS="query"/>
</AUDIT>

The required attributes are the following:

HTML Table Generator
Attribute Name
Description
 NAME  The action that generated the audit record.
 RECORD_ID  The RECORD_ID consists of a sequence number and a timestamp value. The sequence number is initialized when the plugin opens the audit log filter file.
 TIMESTAMP  Displays the date and time when the audit event happened.

The optional attributes are the following:

HTML Table Generator
Attribute Name
Description
COMMAND_CLASS
Type of action performed
CONNECTION_ID Client connection identifier
CONNECTION_TYPE Connection security type
DB Database name
HOST Client's hostname
IP Client's IP address
MYSQL_VERSION Server version
OS_LOGIN The user name used during an external authentication, for example, if the user is authenticated through an LDAP plugin. If the authentication plugin does not set a value or the user is authenticated using MySQL authentication, this value is empty.
OS_VERSION Server's operating system
PRIV_USER The user name used by the server when checking privileges. This name may be different than USER.
PROXY_USER The proxy user. If a proxy is not used, the value is empty.
SERVER_ID Server Identifier
SQLTEXT SQL statement text
STARTUP_OPTIONS Server startup options, either command line or config files
STATUS Command's status - a 0 (zero) is a success, a non-zero is an error
STATUS_CODE A 0 (zero) is a success, a non-zero is an error
TABLE Table name
USER  Client's user name - this name may be different than PRIV_USER.
VERSION Format of audit log filter

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.


Last update: 2024-12-27