On Mar 25, Don Pinto wrote:
> Hi Sergei,
> Thanks for your pointer. Since we have some auditing policy
> infrastructure in place, I think it is a good head start for this
> project. I also have a question about the high level design of 2878.
> Looking at the worklog of WL#3771 - high level design notes in forge I
> see the following possible event types :
> * Connection class: connect, login, logout, disconnect, etc.
> * Alter Privilege class: GRANT, REVOKE etc.
> * General Query class
This is, indeed, only design notes. Check the code to see what was
actually implemented (unfortunately, this WL is still in the
"In-Documentation" status, that is it's completed code-wise, but not
> Would it be better to provide further granularity of the auditing.
> Seems like General query class is still very coarse grained and
> definitely lot of workload queries will fall in this category. Is it
> OK to suggest breaking down the general query class into further
> sub-classes such as : database auditing (i.e auditing for the entire
> database), user based auditing (i.e auditing policy applicable to
> particular user), table based auditing (i.e auditing policy applicable
> to particular table object).
1. You certainly can suggest any refinement of the above auditing plugin
scheme that you need. But
2. The idea was to provide a simple, but powerful API. For example, there
is no special "security violation" class, but there is "error" class.
If you want to audit all security violations, you simply hook on
"error" and ignore all audit evens where error number is not one of
ER_ACCESS_DENIED_ERROR, ER_DBACCESS_DENIED_ERROR, etc.
On the other hand, although one can parse sql query text in the
"general query" class, we certainly don't want to require plugins to
do the parsing. In this case creating more detailed classes or
providing more information in the "general query" class is justified.
But anyway, if there's something that your auduting plugin needs and the
server doesn't provide - don't hesitate to tell us about it ;)
Regards / Mit vielen GrÐÑen,
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped>
/ /|_/ / // /\ \/ /_/ / /__ Principal Software Engineer/Server Architect
/_/ /_/\_, /___/\___\_\___/ Sun Microsystems GmbH, HRB MÐnchen 161028
<___/ Sonnenallee 1, 85551 Kirchheim-Heimstetten
GeschÐftsfÐhrer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer
Vorsitzender des Aufsichtsrates: Martin HÐring