Link to the MariaDB audit plugin format: https://mariadb.com/kb/en/mariadb/about-the-mariadb-audit-plugin/#audit-log-format
syslog format:

[timestamp][syslog_host][syslog_ident]:[syslog_info][serverhost],[username],[host],[connectionid],[queryid],[operation],[database],[object],[retcode]

We're using syslog, since it allows us to easily forward the logs to our central logging server for archiving.

And here's a small sample of log files:

May 23 14:40:00 mysql09a mysql-server_auditing: mysql09a.local,root,MYSQLADM.local,725989,179577437,QUERY,,'DROP DATABASE `ese_adherence_s`',0
May 24 10:22:21 mysql09a mysql-server_auditing: mysql09a.local,ahc_shwb01_t,10.15.190.182,840046,210662172,QUERY,`ahc_shwb01_t`,'CREATE TABLE `zipcodes` ( `zip` varchar(16) NOT NULL DEFAULT \'0\' COMMENT \'Postal / ZIP code.\', `city` varchar(30) NOT NULL DEFAULT \'\' COMMENT \'City.\', `state` varchar(30) NOT NULL DEFAULT \'\' COMMENT \'Province / State.\', `latitude`',0
May 24 10:22:21 mysql09a mysql-server_auditing: mysql09a.local,ahc_shwb01_t,10.15.190.182,840046,210662174,QUERY,`ahc_shwb01_t`,'/*!40000 ALTER TABLE `zipcodes` DISABLE KEYS */',0
May 24 11:51:30 mysql09a mysql-server_auditing: mysql09a.local,ahc_shwb01_t,ahc-web29d.local,849705,0,CONNECT,ahc_shwb01_t,,0
May 24 11:51:30 mysql09a mysql-server_auditing: mysql09a.local,ahc_shwb01_t,ahc-web29d.local,849705,0,DISCONNECT,ahc_shwb01_t,,0
May 24 12:01:12 mysql09a mysql-server_auditing: mysql09a.local,,AHC-GSMPX11.local,850526,0,FAILED_CONNECT,,,1158

The 'mysql-server_auditing' is a user-configurable option (I took the default).

I can provide a larger sample of logs if anyone wants.
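
A parser for the audit lines quoted above, as an added example (not part of the original message, and not OSSEC or MariaDB code). It assumes [syslog_info] is empty, as in the samples, and that the first seven payload fields contain no commas; parse_audit_line and AuditEvent are names made up here.

```python
import re
from typing import NamedTuple, Optional

# Syslog header: "May 23 14:40:00 <syslog_host> <syslog_ident>: <payload>"
HEADER = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:\s]+):\s(.*)$")

class AuditEvent(NamedTuple):
    timestamp: str
    syslog_host: str
    syslog_ident: str
    serverhost: str
    username: str
    host: str
    connectionid: int
    queryid: int
    operation: str
    database: str
    object: str
    retcode: int

def parse_audit_line(line: str) -> Optional[AuditEvent]:
    m = HEADER.match(line.strip())
    if not m:
        return None
    ts, shost, ident, payload = m.groups()
    # retcode is the last field: peel it off from the right so commas
    # inside the quoted SQL text cannot shift it.
    head, sep, retcode = payload.rpartition(",")
    fields = head.split(",", 7)  # 7 fixed fields, the remainder is [object]
    if not sep or len(fields) != 8 or not retcode.isdigit():
        return None
    srv, user, host, connid, qid, op, db, obj = fields
    if not (connid.isdigit() and qid.isdigit()):
        return None
    if len(obj) >= 2 and obj[0] == obj[-1] == "'":
        obj = obj[1:-1].replace("\\'", "'")  # undo the plugin's \' escaping
    return AuditEvent(ts, shost, ident, srv, user, host, int(connid),
                      int(qid), op, db.strip("`"), obj, int(retcode))

# Lines from the post; the CREATE TABLE statement is shortened here.
SAMPLES = [
    r"May 23 14:40:00 mysql09a mysql-server_auditing: mysql09a.local,root,MYSQLADM.local,725989,179577437,QUERY,,'DROP DATABASE `ese_adherence_s`',0",
    r"May 24 10:22:21 mysql09a mysql-server_auditing: mysql09a.local,ahc_shwb01_t,10.15.190.182,840046,210662172,QUERY,`ahc_shwb01_t`,'CREATE TABLE `zipcodes` ( `zip` varchar(16) NOT NULL DEFAULT \'0\', `city`',0",
    r"May 24 12:01:12 mysql09a mysql-server_auditing: mysql09a.local,,AHC-GSMPX11.local,850526,0,FAILED_CONNECT,,,1158",
]
EVENTS = [parse_audit_line(s) for s in SAMPLES]
```

Splitting the payload on every comma would break on the second sample, because the SQL text in [object] carries its own commas and escaped quotes.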