Audit Access in MariaDB enables detailed logging of connections, queries, and table activity for compliance and troubleshooting.
Regulatory compliance, performance troubleshooting, and security forensics all require a precise record of who touched what data and when.
Install the built-in server_audit
plugin once per server. The plugin starts writing JSON-style rows to the MariaDB error log or to a dedicated file.
CONNECT
, QUERY
, QUERY_DDL
, QUERY_DML
, TABLE
, QUERY_DCL
.Combine them to focus on logins, DDL on Products, or DML against Orders.
Use server_audit_incl_users
/ server_audit_excl_users
and server_audit_incl_databases
/ server_audit_excl_databases
to restrict output to, for example, app_user
logging into ecommerce
.
Point server_audit_file_path
at a secured directory, enable OS-level log rotation, and restrict file permissions to the DBA group.
Log QUERY_DDL
and TABLE
events so schema changes to OrderItems
are captured.Exclude high-frequency report accounts to keep log size manageable.
Only if required by compliance; high-write tables like Orders
can inflate logs rapidly.
.
Overhead is under 5 % for CONNECT and DDL events. Logging every DML statement may add latency; benchmark before enabling on high-frequency tables.
By default, they append to the MariaDB error log. Set server_audit_output_type=FILE
and server_audit_file_path
for a separate file.
Yes. Set server_audit_syslog=ON
and configure server_audit_output_type=SYSLOG
.