Skip to content

PS-9755 [DOCS] - Audit log filter component - docs are not clear abou… #646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
patrickbirch wants to merge 1 commit into
base: 8.4
Choose a base branch
from
Draft

PS-9755 [DOCS] - Audit log filter component - docs are not clear abou… #646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions docs/audit-log-filter-compression-encryption.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ The following audit log filter functions are used with encryption:

The `audit_log_filter.password_history_keep_days` variable is used with encryption. If the variable is not zero (0), invoking `audit_log_encryption_password_set()` causes the expiration of archived audit log passwords.

When an archived password expires, the component removes it from the keyring. If a password is removed from the keyring, you cannot decrypt audit log files that were encrypted with that password. However, passwords that are still in use for rotated audit log files do not expire, even if they are past the expiration date specified by `password_history_keep_days`.

When the component starts with encryption enabled, the component checks if the keyring has an audit log filter encryption password. If no password is found, the component generates a random password and stores this password in the keyring. Use `audit_log_encryption_password_get()` to review this password.

If compression and encryption are enabled, the component applies compression before encryption. If you must manually recover a file with both settings, first decrypt the file and then uncompress the file.
Expand All @@ -52,8 +54,8 @@ This function gets the encryption password, and the iterations count and returns

Get the keyring password:

```mysql
mysql> SELECT audit_log_encryption_password_get('audit-log-20190414T223342-2');
```sql
SELECT audit_log_encryption_password_get('audit-log-20190414T223342-2');
```

The return value of this function may look like the following:
Expand Down
4 changes: 2 additions & 2 deletions docs/audit-log-filter-formats.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ Set with the `audit_log_filter.format` system variable at startup. The available

By default, the file contents in the new-style XML format are not compressed or encrypted.

Changing the `audit_log_filter.format`, you should also change
the `audit_log_filter.file` name. For example, changing the `audit_log_filter.format`
When changing the `audit_log_filter.format`, it is recommended that you also change
the `audit_log_filter.file` name. For example, when changing the `audit_log_filter.format`
to JSON, change the `audit_log_filter.file` to `audit.json`. If you don't change
the `audit_log_filter.file` name, then all audit log filter files have the same
base name and you won't be able to easily find when the format changed.
Expand Down
Loading