Audit log doesn't track default database changes
Description
Environment
Attachments
Smart Checklist
Activity
Julia Vural March 4, 2025 at 9:02 PM
It appears that this issue is no longer being worked on, so we are closing it for housekeeping purposes. If you believe the issue still exists, please open a new ticket after confirming it's present in the latest release.
Peter Schwaller November 27, 2018 at 1:24 PM
Deferred during 8.0 bug triage meeting.
Tomislav Plavcic November 12, 2018 at 9:56 AM
Investigated more, here's some conclusions:
5.6 seems unaffected by this issue (Connect/Quit/Query all seem to show correct database under which the query was executed)
5.5 doesn't have DB field in all cases (only for Connect/Quit but not for Query log entry), all other greater versions seem to have DB field always. Tried also with different format (new/json) but it's the same.
Connect/Quit entries seem to work OK for ALL versions, which means you can connect to one DB, select another then quit and audit log will show this correctly in Connect/Quit log entries, so I would say that Query log entry (maybe some other but not sure now) is problematic
DOC page with the example for the old format (default one) doesn't mention DB field as additional fields (https://www.percona.com/doc/percona-server/5.7/management/audit_log_plugin.html#log-format)- this specific example is probably from 5.5 which doesn't have DB field always like other versions do (see point 2.).
Logs from 5.5 and 5.6:
Laurynas Biveinis November 12, 2018 at 8:25 AM
What's the 5.5/5.6 status of the issue?
Details
Details
Assignee
Reporter
Time tracking
Affects versions
Priority
MediumSmart Checklist
Open Smart Checklist
Smart Checklist
When you connect to PS server audit log always shows the database which was specified upon connecting and if you switch default database it will always show the first one in the log. Consequently if you didn't specify any upon connecting DB field will always be empty.
Here's the test case:
In my log files CASE1 is when I connected without specifying default database and CASE2 is where I specified "test" database as default upon connecting.
In CASE1 you can see following:
so here DB field is empty, but table "t2" is actually in "test2" database.
In CASE2 we get following:
so here DB="test", but this is wrong because the actual database of table "t2" is "test2" but it is showing the "test" here because I used that one when first connecting to the server.
For this particular issue you don't even need "set global audit_log_include_databases='test';" but I left it because my logs were created with it so I don't have to record again.