Is it possible to use Auditd to log mysql commands run by any system or user ?
 

I want to log all the mysql queries and commands being run on the database. It can be by any user - home user / www-data / root / or any other. I want to use auditd to log all the queries. Is it possible?

I am using Ubuntu 18.04 server.

May be
 

I have already search on internet and I think you should use "ausearch" Tool on CentOS/RHEL.

Please dont post useless reply
 

Ausearch is a tool to go through the logs by auditd. Your answer doesn't answer my question or even help me towards finding my answer. Please avoid ansering questions witout decent R&D on your side.

Thank You.

The audit system logs system calls and file accesses. It does not log database queries. I guess that MySQL has monitoring software that allows to do that.

Yes, it is possible...probably...but not with auditd.

Um. If you don't find a response helpful, just ignore it. There's no need to be rude about it...and please avoid asking questions without decent R&D, too. See the How to ask a question link in my sig.

To agree with berndbausch.

Don't think it is the correct or maybe the easy way.
From this. "The auditd subsystem is an access monitoring and accounting for Linux developed and maintained by RedHat. It was designed to integrate pretty tightly with the kernel and watch for interesting system calls." https://security.blogoverflow.com/20...ion-to-auditd/

Since you are asking about users issuing commands to mysql then I'd look at mysql audit methods.


It's always difficult to guess the correct answer.
Please consider that answers are sometimes wrong but they are offered for free and with good intent usually.