The audit log plugin rejected a host name because it contains a character not allowed by MySQL’s host validation rules.
MySQL error 3225 ER_AUDIT_LOG_HOST_NAME_INVALID_CHARACTER means the audit plugin found an illegal character in the reported host name. Sanitize the host string to include only letters, digits, dots, dashes, and underscores, then retry the operation.
ER_AUDIT_LOG_HOST_NAME_INVALID_CHARACTER
Error 3225 fires when MySQL’s audit log plugin receives or records a host name that contains a character outside the allowed set (letters, numbers, dot, dash, underscore). The server aborts the audit event and raises SQLSTATE HY000.
The condition was introduced in MySQL 5.7.22 alongside tighter validation for audit trail integrity. It protects log files from malformed or malicious host strings.
The most common trigger is an application or connector sending a host or IP string with spaces, slashes, or other punctuation. Misconfigured proxy headers and custom audit plugins can also inject bad characters.
Upgraded servers with legacy configuration files may still hold outdated host patterns that no longer pass validation.
First, locate the offending host value in the error log or general log. Remove any spaces, forward slashes, backticks, or non-ASCII symbols.
If the value comes from a reverse proxy, update the proxy’s X-Forwarded-Host header to a valid DNS name. Restart MySQL after changes.
Container orchestration tools sometimes generate host names with underscores and uppercase letters. Standardize names with lowercase letters and dashes.
VPN clients may append port numbers to host strings (eg client-42:3306). Strip the port or move it to a separate field.
Add input validation in the application layer to allow only [A-Za-z0-9._-] characters for host fields.
Enable MySQL’s audit_log_format=JSON so invalid events are easier to parse and correct quickly.
Error 3224 ER_AUDIT_LOG_ENCRYPTION_PASSWORD HAS_NOT_BEEN_SET occurs when audit encryption keys are missing - configure audit_log_encryption_password.
Error 3162 ER_AUDIT_PLUGIN_DOES_NOT_SUPPORT_COMMAND appears if the audit plugin cannot process a statement - upgrade or recompile the plugin.
Spaces, slashes, and punctuation characters break MySQL’s host validation.
Improper X-Forwarded-Host or PROXY protocol strings travel to MySQL unchanged.
Orchestration stacks may insert underscores or uppercase letters.
Old my.cnf files can reference hostnames incompatible with 5.7.22+ rules.
The audit plugin cannot handle a particular SQL command.
Audit log encryption is enabled but no password was configured.
A UDF tried to read more bytes than allowed from the audit log.
No rows are lost, but audit entries for that connection are rejected until the host is fixed.
You can recompile the audit plugin or patch source, but disabling validation is not recommended for security.
Digits, letters, dots, dashes, and underscores are accepted.
Galaxy’s SQL editor linting flags invalid host strings during connection setup, preventing bad values from reaching MySQL.
.avif)
.avif){kind=logo}
