[MARIADB] SERVER AUDIT - fourslickz/notes GitHub Wiki

1. setup plugin

-- Load the audit plugin from the server_audit shared library.
-- INSTALL SONAME registers the plugin persistently, so it is loaded again after a restart.
-- A privileged account can still UNINSTALL it at runtime unless the server is started
-- with server_audit=FORCE_PLUS_PERMANENT in the option file.
INSTALL SONAME 'server_audit';

2. cek plugin

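-- Confirm that the audit plugin is registered and running.
-- PLUGIN_STATUS should read ACTIVE. LOAD_OPTION shows how the plugin is
-- pinned (ON, FORCE, FORCE_PLUS_PERMANENT), which tells you whether it can be
-- unloaded at runtime. Only the columns needed for that check are selected.
SELECT
    PLUGIN_NAME,
    PLUGIN_VERSION,
    PLUGIN_STATUS,
    PLUGIN_LIBRARY,
    LOAD_OPTION
FROM information_schema.PLUGINS
WHERE PLUGIN_NAME = 'server_audit';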

3. cek variable

MariaDB [(none)]> SHOW GLOBAL VARIABLES LIKE 'server_audit%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           |                       |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size | 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_incl_users       |                       |
| server_audit_logging          | OFF                   |
| server_audit_mode             | 0                     |
| server_audit_output_type      | file                  |
| server_audit_query_log_limit  | 1024                  |
| server_audit_syslog_facility  | LOG_USER              |
| server_audit_syslog_ident     | mysql-server_auditing |
| server_audit_syslog_info      |                       |
| server_audit_syslog_priority  | LOG_INFO              |
+-------------------------------+-----------------------+
15 rows in set (0.031 sec)

MariaDB [(none)]>

4. aktifkan audit

-- Turn audit logging on (the SHOW VARIABLES output above shows it is OFF after install).
-- SET GLOBAL only changes the running server. The value is lost on restart unless
-- server_audit_logging=ON is also present in my.cnf.
SET GLOBAL server_audit_logging = ON;

5. event

-- Record connection events (login/logout) and every executed statement.
-- QUERY entries hold the statement text, cut off at server_audit_query_log_limit
-- (1024 in the SHOW VARIABLES output above), so long statements are truncated.
-- Statement text can contain sensitive literals; keep the audit log readable
-- only by the accounts that need to review it.
SET GLOBAL server_audit_events = 'CONNECT,QUERY';

Opsi lain:

  • QUERY → log query
  • CONNECT → log login/logout
  • QUERY_DDL → CREATE TABLE, ALTER TABLE
  • TABLE → log tabel yang terdampak oleh eksekusi query

6. tentukan user yang akan dimonitor

-- Restrict statement auditing to the listed user names.
-- With an include list set, activity by every account NOT listed here (including
-- administrative accounts) is not written to the audit log.
-- If broad coverage is the goal, leave this empty and use a short
-- server_audit_excl_users list instead.
-- NOTE(review): CONNECT events are reportedly logged for all users regardless of
-- this filter. Confirm against the plugin documentation for the installed version.
SET GLOBAL server_audit_incl_users = 'backend,devops';

7. log audit

-- Show where the audit log is written. The default shown above is the bare file
-- name server_audit.log, presumably resolved relative to the data directory
-- (TODO confirm on the target host).
SHOW GLOBAL VARIABLES LIKE 'server_audit_file_path';
-- Keep 20 rotated files instead of the default 9. Together with
-- server_audit_file_rotate_size (1000000 in the output above) this bounds how much
-- history stays on disk. Older events are gone once the oldest file is rotated out,
-- so copy the logs off-host if longer retention is needed.
-- Runtime-only change: add it to my.cnf as well to survive a restart.
SET GLOBAL server_audit_file_rotations = 20;

CONFIG my.cnf

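# Persistent audit settings; place them in the server section of my.cnf
# (presumably [mysqld], so confirm against the existing file layout).
# server_audit=ON activates the already-installed plugin at startup. Use
# server_audit=FORCE_PLUS_PERMANENT instead if the plugin must not be
# unloadable at runtime.
server_audit=ON
server_audit_logging=ON
# Match the runtime setting from step 5. With QUERY alone, login/logout
# events would stop being logged after the next restart.
server_audit_events=CONNECT,QUERY
server_audit_output_type=file
# $AUDIT_LOG and $AUDIT_USERS are template placeholders. The option file does
# not expand environment variables, so substitute literal values before deploying.
server_audit_file_path=$AUDIT_LOG
# Persist the rotation count set at runtime in step 7.
server_audit_file_rotations=20
# Only the listed user names are audited; accounts left out are not logged.
server_audit_incl_users=$AUDIT_USERS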