MySQL cannot reload the JSON-based audit log filters, halting the audit plugin refresh and leaving logging in an unknown state.
ER_COULD_NOT_REINITIALIZE_AUDIT_LOG_FILTERS (MySQL error 3213) means the server failed to reload JSON audit log filters after a SET GLOBAL or FLUSH statement. Check filter JSON syntax, file permissions, and plugin status, then reapply valid filters to resolve the issue.
ER_COULD_NOT_REINITIALIZE_AUDIT_LOG_FILTERS
Error 3213 appears when MySQL reloads the audit log plugin filters but encounters an unrecoverable issue. The server aborts the refresh, keeps the old filters inactive, and continues without the expected audit rules. Logging gaps can occur until the problem is fixed.
The error was introduced in MySQL 5.7.22 with the JSON based audit log filter system. It is most frequently raised by a SET GLOBAL audit_log_filter or FLUSH AUDIT LOGS statement, but it may also occur on server startup if filters are loaded from the mysql system table.
Invalid JSON in the audit_log_filter definition prevents MySQL from parsing the filter set and triggers error 3213.
Incorrect or missing file paths to the filter JSON file cause the plugin to fail during reinitialization.
Operating system file permission restrictions can block the mysqld process from reading filter files.
A disabled or uninstalled audit_log plugin results in a failed filter reload because the supporting API is unavailable.
Server resource shortages (out of memory or file descriptors) can interrupt the filter rebuild phase, raising this error.
Validate every JSON filter with an external lint tool or MySQL's built-in JSON functions before applying it.
Ensure the audit_log plugin is installed and active with SHOW PLUGINS. Activate it if missing.
Grant mysqld read access to the JSON file or ensure the filter is stored inside the mysql.system table.
If a filter is corrupt, drop and recreate it, then reapply your filter assignments.
After corrections, execute FLUSH AUDIT LOGS to verify that reinitialization succeeds without error 3213.
Scenario: JSON syntax error in filter definition.
Solution: Fix the syntax and run SET GLOBAL audit_log_filter= again.
Scenario: Audit plugin missing after an upgrade.
Solution: INSTALL PLUGIN audit_log SONAME 'audit_log.so'; then reload filters.
Scenario: Permission denied on /etc/mysql/audit_filters.json.
Solution: chown mysql:mysql /etc/mysql/audit_filters.json; chmod 640.
Store filters in the mysql.audit_log_filter table rather than external files to prevent path and permission issues.
Validate JSON offline before loading into MySQL using JSON_VALID or a command-line linter.
Automate a regression test that performs FLUSH AUDIT LOGS on staging during CI to catch filter problems early.
Monitor the MySQL error log with Galaxy or another log aggregator so you can react quickly if error 3213 appears.
ER_AUDIT_LOG_FILTER_NOT_FOUND (3211): Triggered when a referenced filter name does not exist. Create the filter or correct the name.
ER_UNKNOWN_AUDIT_LOG_FILTER (3212): MySQL does not recognize the supplied filter JSON attribute. Update the filter to supported syntax.
ER_AUDIT_LOG_READ_FAIL (3210): The server cannot read the audit log file. Check disk and permissions.
Trailing commas, unquoted keys, or other JSON errors stop the parser.
If the audit_log plugin is uninstalled or disabled, filter reload fails.
mysqld must have read access to external JSON filter files.
In-table filter definitions damaged by disk errors can prevent reinitialization.
Out-of-memory or file descriptor exhaustion during reload may trigger the error.
Raised when MySQL cannot locate the named filter. Usually a typo or missing CREATE AUDIT LOG FILTER statement.
Triggered by unsupported keys inside the JSON filter object. Update the filter to use valid attributes.
Occurs when the audit log file itself cannot be read. Check disk, permissions, or path.
The MySQL error log lists the filter name and the exact JSON position where parsing stopped. Reviewing that log entry pinpoints the offending filter.
Yes, run UNINSTALL PLUGIN audit_log; to disable it. Reinstall with INSTALL PLUGIN when ready. Note that disabling the plugin stops all audit logging.
No. The server continues to operate, but audit logging may be incomplete or missing until the filters are successfully reloaded.
Galaxy's schema-aware SQL editor validates JSON functions and highlights syntax errors, reducing the chance of pushing invalid filters to production.
.avif)
.avif){kind=logo}
