Indeed the Percona Audit Log Plugin misses the database information, and McAfee solution does it very well. An example comparison:
* McAfee:
mysql [localhost] {msandbox} ((none)) > show plugins;
...
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
mysql [localhost] {msandbox} ((none)) > show status like 'aud%';
+------------------------+-----------+
| Variable_name | Value |
+------------------------+-----------+
| Audit_protocol_version | 1.0 |
| Audit_version | 1.0.8-527 |
+------------------------+-----------+
2 rows in set (0.00 sec)
Example log entry:
{"msg-type":"activity","date":"1455614754490","thread-id":"1","query-id":"33","user":"msandbox","priv_user":"msandbox","host":"localhost","ip":"","cmd":"select","objects":[{"db":"test","name":"t1","obj_type":"TABLE"},{"db":"db1","name":"t1","obj_type":"TABLE"}],"query":"select a from t1 join db1.t1 using(id)"}
* Percona:
mysql [localhost] {msandbox} ((none)) > show plugins;
...
| audit_log | ACTIVE | AUDIT | audit_log.so | GPL |
mysql [localhost] {msandbox} ((none)) > select @@version,@@version_comment;
+-------------+------------------------------------------------------+
| @@version | @@version_comment |
+-------------+------------------------------------------------------+
| 5.6.28-76.1 | Percona Server (GPL), Release 76.1, Revision 5759e76 |
+-------------+------------------------------------------------------+
1 row in set (0.00 sec)
Example log entry:
{"audit_record":{"name":"Query","record":"3629_2016-02-16T14:09:14","timestamp":"2016-02-16T14:12:40 UTC","command_class":"select","connection_id":"1","status":0,"sqltext":"select a from test.t1 join db1.t1 using(id)","user":"msandbox[msandbox] @ localhost []","host":"localhost","os_user":"","ip":""}}
So, McAfee is able to log all involved tables and databases even if they are uses in the same statement, while Percona implementation does not provide that info.
Indeed the Percona Audit Log Plugin misses the database information, and McAfee solution does it very well. An example comparison:
* McAfee:
mysql [localhost] {msandbox} ((none)) > show plugins;
...
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
mysql [localhost] {msandbox} ((none)) > show status like 'aud%'; ------- ------- ----+-- ------- --+ ------- ------- ----+-- ------- --+ version | 1.0 | ------- ------- ----+-- ------- --+
+------
| Variable_name | Value |
+------
| Audit_protocol_
| Audit_version | 1.0.8-527 |
+------
2 rows in set (0.00 sec)
Example log entry:
{"msg-type" :"activity" ,"date" :"1455614754490 ","thread- id":"1" ,"query- id":"33" ,"user" :"msandbox" ,"priv_ user":" msandbox" ,"host" :"localhost" ,"ip":" ","cmd" :"select" ,"objects" :[{"db" :"test" ,"name" :"t1"," obj_type" :"TABLE" },{"db" :"db1", "name": "t1","obj_ type":" TABLE"} ],"query" :"select a from t1 join db1.t1 using(id)"}
* Percona:
mysql [localhost] {msandbox} ((none)) > show plugins;
...
| audit_log | ACTIVE | AUDIT | audit_log.so | GPL |
mysql [localhost] {msandbox} ((none)) > select @@version, @@version_ comment; ------- +------ ------- ------- ------- ------- ------- ------- ------+ ------- +------ ------- ------- ------- ------- ------- ------- ------+ ------- +------ ------- ------- ------- ------- ------- ------- ------+
+------
| @@version | @@version_comment |
+------
| 5.6.28-76.1 | Percona Server (GPL), Release 76.1, Revision 5759e76 |
+------
1 row in set (0.00 sec)
Example log entry:
{"audit_ record" :{"name" :"Query" ,"record" :"3629_ 2016-02- 16T14:09: 14","timestamp" :"2016- 02-16T14: 12:40 UTC","command_ class": "select" ,"connection_ id":"1" ,"status" :0,"sqltext" :"select a from test.t1 join db1.t1 using(id) ","user" :"msandbox[ msandbox] @ localhost []","host" :"localhost" ,"os_user" :"","ip" :""}}
So, McAfee is able to log all involved tables and databases even if they are uses in the same statement, while Percona implementation does not provide that info.