Apply filter:
"class": "table_access", "command": ["DROP", "ALTER", "TRUNCATE"], "log": true percona audit plugin
SET GLOBAL audit_log_logging_events = 'connect,query,table_access'; : -- Apply simple filter: log only failed logins
SET GLOBAL audit_log_filter = ' ... json ... '; "audit_record": "timestamp": "2025-02-18T10:23:45.123 UTC", "id": 202502, "class": "general", "event": "status", "connection_id": 54321, "user": "webapp@10.0.1.55", "host": "10.0.1.55", "database": "ecommerce", "command": "Query", "sqltext": "UPDATE orders SET status='shipped' WHERE order_id=12345", "status": 0, "rows_examined": 1, "rows_sent": 0 It captures events such as connections, queries, table
SELECT VARIABLE_VALUE FROM performance_schema.global_status WHERE VARIABLE_NAME = 'audit_log_lost_events'; If > 0, increase audit_log_buffer_size (default 1MB → set to 4–8MB).
-- Apply simple filter: log only failed logins + DROP/ALTER SET GLOBAL audit_log_filter = ' "filter": "class": "general", "event": "status", "log": false , "rule": [
1. Overview The Percona Audit Log Plugin is a server-side extension for MySQL and MariaDB (primarily distributed with Percona Server for MySQL) that provides comprehensive logging of database activity. Unlike the basic general query log, the audit plugin is designed for compliance, security monitoring, and forensic analysis. It captures events such as connections, queries, table accesses, and administrative actions without impacting performance as severely as the general log.