Comment 2 for bug 1435099

Indeed the Percona Audit Log Plugin misses the database information, and McAfee solution does it very well. An example comparison:

* McAfee:
mysql [localhost] {msandbox} ((none)) > show plugins;
...
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |

mysql [localhost] {msandbox} ((none)) > show status like 'aud%';
+------------------------+-----------+
| Variable_name | Value |
+------------------------+-----------+
| Audit_protocol_version | 1.0 |
| Audit_version | 1.0.8-527 |
+------------------------+-----------+
2 rows in set (0.00 sec)

Example log entry:

{"msg-type":"activity","date":"1455614754490","thread-id":"1","query-id":"33","user":"msandbox","priv_user":"msandbox","host":"localhost","ip":"","cmd":"select","objects":[{"db":"test","name":"t1","obj_type":"TABLE"},{"db":"db1","name":"t1","obj_type":"TABLE"}],"query":"select a from t1 join db1.t1 using(id)"}

* Percona:

mysql [localhost] {msandbox} ((none)) > show plugins;
...
| audit_log | ACTIVE | AUDIT | audit_log.so | GPL |

mysql [localhost] {msandbox} ((none)) > select @@version,@@version_comment;
+-------------+------------------------------------------------------+
| @@version | @@version_comment |
+-------------+------------------------------------------------------+
| 5.6.28-76.1 | Percona Server (GPL), Release 76.1, Revision 5759e76 |
+-------------+------------------------------------------------------+
1 row in set (0.00 sec)

Example log entry:

{"audit_record":{"name":"Query","record":"3629_2016-02-16T14:09:14","timestamp":"2016-02-16T14:12:40 UTC","command_class":"select","connection_id":"1","status":0,"sqltext":"select a from test.t1 join db1.t1 using(id)","user":"msandbox[msandbox] @ localhost []","host":"localhost","os_user":"","ip":""}}

So, McAfee is able to log all involved tables and databases even if they are uses in the same statement, while Percona implementation does not provide that info.