Twitter Audit Logging

Liang G edited this page Jun 7, 2013 · 1 revision

In Twitter DBA audit logging, activities of non-exempt users are logged in MySQL error log. The log line captures local timestamp, user identifier and host, commands executed, and command result.

By default, all users are logged except users with IGNORE LOGGING privilege. Super users with ALL PRIVILEGES are always logged. Users can be exempted dynamically by IGNORE LOGGING privilege grant.

A new global system variable --twitter_audit_logging is provided to enable and change log levels. The valid range is [0, 2]. At log level 1, all operations except SELECT and SHOW are logged. At log level 2, SELECT and SHOW are logged as well.

Non-exempt users login and logout events are always logged. Login failures of all users are always logged.