BestHub
Sign in
Databases 4 min read

How to Enable and Configure MariaDB Audit Logging Plugin

This guide walks you through verifying, installing, configuring, and activating the MariaDB server_audit plugin, including required ConfigMap edits, optional SQL commands, and a Kubernetes rollout to ensure comprehensive audit logging of connections, queries, and table events.

Raymond Ops
Raymond Ops
Raymond Ops
How to Enable and Configure MariaDB Audit Logging Plugin

MariaDB Audit Log Configuration

1. Verify the audit plugin

Check the plugin directory and ensure server_audit.so exists.

MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'plugin_dir';
+---------------+------------------------+
| Variable_name | Value                  |
+---------------+------------------------+
| plugin_dir    | /usr/lib/mysql/plugin/ |
+---------------+------------------------+
1 row in set (0.001 sec)
ls /usr/lib/mysql/plugin/server_audit.so

2. Install the audit plugin

Edit the ConfigMap file /etc/kubernetes/components/mysql/default/config.yml and add the plugin:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-default
  namespace: component
data:
  mariadb.cnf: |
    [mariadb]
    plugin_load_add = server_audit
    [client]
    default-character-set = utf8
    ...

Optional SQL installation:

INSTALL SONAME 'server_audit';

3. Configure audit settings

Update the ConfigMap to define which events to log and file‑rotation parameters:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-default
  namespace: component
data:
  mariadb.cnf: |
    [mysqld]
    server_audit_events=connect,query,table
    server_audit_file_rotate_now=ON
    server_audit_file_rotate_size=1000000
    server_audit_file_rotations=5
    ...

Optional global variable:

SET GLOBAL server_audit_events = 'CONNECT,QUERY,TABLE';

4. Enable and start the audit plugin

Check current audit variables:

MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'server_audit%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           |                       |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size| 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_logging          | OFF                   |
| server_audit_mode             | 0                     |
| server_audit_output_type      | file                  |
| ...                           | ...                   |
+-------------------------------+-----------------------+

Enable logging in the ConfigMap:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config-default
  namespace: component
data:
  mariadb.cnf: |
    [server]
    server_audit_logging=ON
    [mariadb]
    plugin_load_add = server_audit
    ...

Optional SQL enable: SET GLOBAL server_audit_logging=ON; Restart the MySQL StatefulSet to apply changes:

kubectl -n component rollout restart sts mysql-default
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Kubernetesdatabase securityAudit LoggingMariaDBserver_audit
Raymond Ops
Written by

Raymond Ops

Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment