The MariaDB audit plug-in is now available for RDS MySQL (5.6.29 and 5.7.11) and RDS MariaDB 10.0.24 instances. The MariaDB audit plug-in provides event logging for database activity to help customers meet corporate compliance requirements and troubleshoot application issues. Some of the key details for implementing the plugin are:
- Enabling and disabling the audit plug-in – Users can enable audit plug-in by creating an option group, adding MARIADB_AUDIT_PLUGIN option to the group, and attaching the option group to the RDS instance. Audit logging can be disabled by simply removing the option group from the instance.
- SERVER_AUDIT_EVENTS variables – These variables allow users to specify the events they want to include in the logs (CONNECTION: users connecting and disconnecting, QUERY: queries and their result, and TABLE: which tables are affected by the queries).
- SERVER_AUDIT_EXCL_USERS and SERVER_AUDIT_INCL_USERS variables – These variables specify which users’ activity should be excluded from or included in the audit. SERVER_AUDIT_INCL_USERS has the higher priority and all users’ activity is recorded by default.
The MariaDB audit plug-in for RDS MySQL and MariaDB is available in all supported RDS regions.