From 9d66bfbdd3fa508d2e42d012975ef23ecb164f9d Mon Sep 17 00:00:00 2001
From: Rick Pizzi
Date: Sat, 7 Feb 2015 15:42:21 -0500
Subject: [PATCH 1/2] new option audit_record_logins to enable logging of Connect/Quit regardless the content of variable audit_record_cmds
---
 src/audit_plugin.cc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc
index cabf95b..021cc9c 100644
--- a/src/audit_plugin.cc
+++ b/src/audit_plugin.cc
@@ -44,6 +44,7 @@ static Audit_json_formatter json_formatter;
 //flags to hold if audit handlers are enabled
 static my_bool json_file_handler_enable = FALSE;
+static my_bool record_logins_enable = FALSE;
 static my_bool json_file_handler_flush = FALSE;
 static my_bool json_socket_handler_enable = FALSE;
 static my_bool uninstall_plugin_enable = FALSE;
@@ -220,6 +221,15 @@ static void audit(ThdSesData *pThdData)
 return;
 }
 }
+ if (record_logins_enable) {
+ const char * cmd = pThdData->getCmdName();
+ const char * user = pThdData->getUserName();
+ if (!strcasecmp(cmd, "Connect") || !strcasecmp(cmd, "Quit")) {
+ if(user && strlen( user))
+ Audit_handler::log_audit_all(pThdData);
+ return;
+ }
+ }
 if (num_record_cmds > 0) {
 const char * cmd = pThdData->getCmdName();
 const char *cmds[2];
@@ -1569,6 +1579,10 @@ static MYSQL_SYSVAR_BOOL(header_msg, json_formatter.m_write_start_msg,
 PLUGIN_VAR_RQCMDARG,
 "AUDIT write header message at start of logging or file flush Enable|Disable. Default enabled.", NULL, NULL, 1);
+static MYSQL_SYSVAR_BOOL(record_logins, record_logins_enable,
+ PLUGIN_VAR_RQCMDARG,
+ "AUDIT record Connect and Quit commands Enable|Disable. Default enabled.", NULL, NULL, 1);
+
 static MYSQL_SYSVAR_STR(json_log_file, json_file_handler.m_io_dest,
 PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC,
 "AUDIT plugin json log file name",
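Review bot: In the `audit()` hunk the `return;` sits outside the brace-less `if(user && strlen( user))`, so a Connect or Quit event whose user name is NULL or empty is dropped: it is not logged here and never reaches the `num_record_cmds` filtering below. For an audit plugin that is a silent coverage gap, and [PATCH 2/2] widens the same branch to `Failed Login`, where attempts without a user name are still worth recording. I would return only when the event was written, `if (user && strlen(user)) { Audit_handler::log_audit_all(pThdData); return; }`, and let other events fall through to the existing filters; if the drop is intentional, a comment should say why. `cmd` is passed to `strcasecmp` unchecked, and whether `getCmdName()` can return NULL is not visible here. The body of `audit()` starts and ends outside the hunk.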
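Review bot: The `record_logins` system variable is registered with default `1` and a help text ending in "Default enabled", while its backing flag is declared `static my_bool record_logins_enable = FALSE;` in the first hunk of this patch. As far as I know the server applies the sysvar default when the plugin loads, so the option would be on for every upgraded installation, and Connect/Quit handling would then stop following an existing `audit_record_cmds` setting. Either the initializer should read `TRUE` to match, or the default should be `0` with the text changed to "Default disabled"; whichever is chosen belongs in the commit message, because it changes what lands in the audit log.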
@@ -1693,6 +1707,7 @@ static MYSQL_SYSVAR_STR(record_objs, record_objs_string,
 static struct st_mysql_sys_var* audit_system_variables[] = {
 MYSQL_SYSVAR(header_msg),
+ MYSQL_SYSVAR(record_logins),
 MYSQL_SYSVAR(json_log_file),
 MYSQL_SYSVAR(json_file_sync),
 MYSQL_SYSVAR(json_file_retry),
From de390805f1aead57994e13bf8e00486cd9f9e0a7 Mon Sep 17 00:00:00 2001
From: Riccardo Pizzi
Date: Sat, 7 Feb 2015 16:18:05 -0500
Subject: [PATCH 2/2] added Failed Login auditing
---
 src/audit_plugin.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc
index 021cc9c..22c4f59 100644
--- a/src/audit_plugin.cc
+++ b/src/audit_plugin.cc
@@ -224,7 +224,7 @@ static void audit(ThdSesData *pThdData)
 if (record_logins_enable) {
 const char * cmd = pThdData->getCmdName();
 const char * user = pThdData->getUserName();
- if (!strcasecmp(cmd, "Connect") || !strcasecmp(cmd, "Quit")) {
+ if (!strcasecmp(cmd, "Connect") || !strcasecmp(cmd, "Quit") || !strcasecmp(cmd, "Failed Login")) {
 if(user && strlen( user))
 Audit_handler::log_audit_all(pThdData);
 return;
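Review bot: The help text of `record_logins` still reads "AUDIT record Connect and Quit commands" although this change makes the same switch cover `Failed Login`, so an operator reading the variable description cannot tell that failed authentications are included. I would update the string in the same commit, for example `"AUDIT record Connect, Quit and Failed Login commands Enable|Disable. Default enabled."`. The command name is matched as the literal `"Failed Login"`, and the code that produces it is not visible in this hunk, so the spelling should be confirmed against it. The enclosing `audit()` function starts and ends outside the hunk.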