Enable and Configure MariaDB Log Auditing with the Server_Audit Plugin
This guide walks through verifying the MariaDB server_audit plugin, installing it via configuration files or SQL, setting audit event variables, enabling logging, and restarting the MySQL service in a Kubernetes environment to achieve comprehensive query and connection auditing.
MariaDB Log Auditing Configuration
1. Verify audit plugin
First check the plugin directory:
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'plugin_dir';
+---------------+------------------------+
| Variable_name | Value                  |
+---------------+------------------------+
| plugin_dir    | /usr/lib/mysql/plugin/ |
+---------------+------------------------+
1 row in set (0.001 sec)

Confirm that server_audit.so exists in the plugin directory:
ls /usr/lib/mysql/plugin/server_audit.so

2. Install the audit plugin
Edit the MySQL configuration file:
vim /etc/kubernetes/components/mysql/default/config.yml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-default
  namespace: component
data:
  mariadb.cnf: |
    [mariadb] # add this line
    plugin_load_add = server_audit # add this line
    [client]
    default-character-set = utf8
    ......

Optional SQL installation:
INSTALL SONAME 'server_audit';

3. Configure audit settings
Edit the configuration again to set audit variables:
vim /etc/kubernetes/components/mysql/default/config.yml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-default
  namespace: component
data:
  mariadb.cnf: |
    [mysqld]
    ...
    server_audit_events=connect,query,table # record connection, query, table events
    server_audit_file_rotate_now=ON # force an immediate log rotation
    server_audit_file_rotate_size=1000000 # rotate when the file reaches this size in bytes
    server_audit_file_rotations=5 # limit number of rotated files
    ...

Optionally set the audit events variable directly:
SET GLOBAL server_audit_events = 'CONNECT,QUERY,TABLE';

4. Enable and start the audit plugin
Check current audit‑related variables:
MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'server_audit%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           |                       |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size | 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_incl_users       |                       |
| server_audit_logging          | OFF                   |
| server_audit_mode             | 0                     |
| server_audit_output_type      | file                  |
| server_audit_query_log_limit  | 1024                  |
| server_audit_syslog_facility  | LOG_USER              |
| server_audit_syslog_ident     | mysql-server_auditing |
| server_audit_syslog_info      |                       |
| server_audit_syslog_priority  | LOG_INFO              |
+-------------------------------+-----------------------+
15 rows in set (0.001 sec)

Enable logging by adding to the ConfigMap:
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-default
  namespace: component
data:
  mariadb.cnf: |
    [server]
    server_audit_logging=ON # enable audit logging
    [mariadb]
    plugin_load_add = server_audit
    ......

Or enable via SQL:
SET GLOBAL server_audit_logging=ON;

After confirming the configuration, restart the MySQL StatefulSet:
kubectl -n component rollout restart sts mysql-default

MaGe Linux Operations
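
A lint for the final mariadb.cnf assembled in steps 2 to 4, as an added example that is not part of the original guide. It checks the persisted file, because values applied with SET GLOBAL are lost at the restart in step 4, and it reads only the option groups the server loads. The function names and both sample files are constructed for illustration.

```python
import configparser

# Option groups read by the server (subset); mysqld ignores [client].
SERVER_GROUPS = {"mysqld", "server", "mariadb", "mariadbd"}

def server_options(cnf_text):
    """Merge options from server groups; '-' and '_' are equivalent, 'loose-' is a prefix."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, inline_comment_prefixes=("#",))
    cp.read_string(cnf_text)
    merged = {}
    for section in cp.sections():
        if section.lower() in SERVER_GROUPS:
            for key, value in cp.items(section):
                name = key.replace("-", "_")
                if name.startswith("loose_"):
                    name = name[len("loose_"):]
                merged[name] = (value or "").strip()
    return merged

def audit_findings(cnf_text, required=("connect", "query", "table")):
    """Return the problems that would leave auditing off or incomplete after a restart."""
    opts = server_options(cnf_text)
    findings = []
    if "server_audit" not in opts.get("plugin_load_add", ""):
        findings.append("server_audit not loaded via plugin_load_add in a server group")
    if opts.get("server_audit_logging", "OFF").upper() not in ("ON", "1"):
        findings.append("server_audit_logging is not ON")
    # An empty server_audit_events does not restrict logging, so only a set value is checked.
    events = {e.strip().lower() for e in opts.get("server_audit_events", "").split(",") if e.strip()}
    missing = [e for e in required if events and e not in events]
    if missing:
        findings.append("server_audit_events omits: " + ",".join(missing))
    return findings

# Constructed sample: the three fragments from the guide merged into one file.
GOOD_CNF = """[server]
server_audit_logging=ON
[mariadb]
plugin_load_add = server_audit
[mysqld]
server_audit_events=connect,query,table # record connection, query, table events
"""
# Constructed sample: logging set under [client], plugin never loaded, TABLE events dropped.
BAD_CNF = "[client]\nserver_audit_logging=ON\n[mysqld]\nserver-audit-events=connect,query\n"

if __name__ == "__main__":
    for label, text in (("good", GOOD_CNF), ("bad", BAD_CNF)):
        print(label, audit_findings(text) or "OK")
```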
