HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

Audit logins on MySQL database

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
auditmysqlloginsdatabase

Problem

Is there a way to audit logins to MySQL? I'd like to be able to create a username for each employee and thereby create an audit trail of logins. However, googling has turned up no good results.

The more we can audit, the better. At the very least, it would be nice to know who logged in when. It would be even better to see who executed what query when. The logs are there mostly to tell clients we have them since there is potentially sensitive information in the database.

Obviously, being able to audit the queries executed by each user (and when) would also give us the ability to better pinpoint who is the cause of an security issue if one should arise.

Solution

You would probably want to use the general query log.


The general query log is a general
record of what mysqld is doing. The
server writes information to this log
when clients connect or disconnect,
and it logs each SQL statement
received from clients.

One important thing with logging for security is that an attacker cannot access the log to erase traces of their presence, so consider append-only files.

FWIW in Oracle we can send logs automatically to a remote syslog, but I don't believe MySQL has this feature yet. Perhaps you could fake it with SNMP but I have not tried it.

Context

StackExchange Database Administrators Q#668, answer score: 8

Revisions (0)

No revisions yet.