diff --git a/Configuration.md b/Configuration.md index 0518982..01c39f5 100644 --- a/Configuration.md +++ b/Configuration.md @@ -14,14 +14,16 @@ Available AUDIT Plugin system variables: * **audit_record_cmds**: Comma separated list of commands to log to the audit trail. For example: `insert,update,delete`. * **audit_record_objs**: Comma separated list of objects (tables) to log to the audit trail. Table name should be specified as: `database.table`. Wild cards are supported and it is possible to specify: `*.mytable` or `mydb.*`. Specify: `{}` as part of the list to include the empty set to catch also cases where an activity has no objects (for example connect and quit). * **audit_whitelist_users**: Comma separated list of white-listed users whose queries are not recorded. Specify: `{}` as part of the list to include the empty user. -* **audit_whitelist_cmds**: Comma separated list of white-listed cmds whose queries are not recorded. Introduced at version 1.0.6. -* **audit_force_record_logins**: Force logging: Connect, Quit and Failed Login commands, regardless of the settings in `audit_record_cmds` and `audit_record_objs` variables. ON|OFF. Default value: OFF. Introduced at version 1.0.8. -* **audit_header_msg**: Header message logging ON|OFF. Default value: ON. Introduced at version 1.0.6. -* **audit_password_masking_cmds**: Comma separated list of commands for which the password masking regex will be applied. Default value includes MySQL commands that may include a password clause: `CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER`. Introduced at version 1.0.6. +* **audit_whitelist_cmds**: Comma separated list of white-listed cmds whose queries are not recorded. Introduced in version 1.0.6. +* **audit_force_record_logins**: Force logging: Connect, Quit and Failed Login commands, regardless of the settings in `audit_record_cmds` and `audit_record_objs` variables. ON|OFF. Default value: OFF. Introduced in version 1.0.8. +* **audit_header_msg**: Header message logging ON|OFF. Default value: ON. Introduced in version 1.0.6. +* **audit_password_masking_cmds**: Comma separated list of commands for which the password masking regex will be applied. Default value includes MySQL commands that may include a password clause: `CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER`. Introduced in version 1.0.6. * **audit_password_masking_regex**: PCRE compliant regular expression used for password masking. Regex will be applied only to statements with command type as specified at: `audit_password_masking_cmds`. Introduced at version 1.0.6. -* **audit_json_file_retry**: json log file retry interval. If the plugin fails to open/write to the json log file, will retry to open every specified interval in seconds. Set for 0 to disable retrying. Defaults to 60 seconds. Introduced at version 1.0.6. -* **audit_json_socket_retry**: json socket retry interval. If the plugin fails to connect/write to the json audit socket, will retry to connect every specified interval in seconds. Set for 0 to disable retrying. Defaults to 10 seconds. Introduced at version 1.0.6. -* **audit_json_file_bufsize**: json file buffer size in bytes used for logging. Value of 0 means default size, value of 1 means no buffering. Max value: 262144 (256KB). A larger value may improve performance when logging large statements (log entries larger than 4KB). Defaults to 0. If changed during run-time need, to perform a flush for the new value to take affect. Introduced in version 1.0.8. +* **audit_json_file_retry**: json log file retry interval. If the plugin fails to open/write to the json log file, will retry to open every specified interval in seconds. Set for 0 to disable retrying. Defaults to 60 seconds. Introduced in version 1.0.6. +* **audit_json_socket_retry**: json socket retry interval. If the plugin fails to connect/write to the json audit socket, will retry to connect every specified interval in seconds. Set for 0 to disable retrying. Defaults to 10 seconds. Introduced in version 1.0.6. +* **audit_json_file_bufsize**: json file buffer size in bytes used for logging. Value of 0 means default size, value of 1 means no buffering. Max value: 262144 (256KB). A larger value may improve performance when logging large statements (log entries larger than 4KB). Defaults to 0. If changed during run-time need, to perform a flush for the new value to take affect. Default is ON. Introduced in version 1.0.8. +* **audit_client_capabilities**: If enabled, the plugin sends the value of client capabilities bit map as an unsigned 64-bit value. Introduced in version 1.1.1. +* **audit_sess_connect_attrs**: If enabled, the plugin sends session connection attributes. Default is ON. Currently supported only on MySQL 5.6 and 5.7. Introduced in version 1.1.1 **Notes:**