MySQL

MySQL Audit Logging: MariaDB Audit Plugin, General Log, and Trigger-Based Auditing

Implement MySQL audit logging for SOC2, PCI-DSS, and HIPAA compliance. Covers MariaDB Audit Plugin, general query log, trigger-based auditing, and SIEM integration.

JusDB Team
April 16, 2025
Updated May 13, 2026
5 min read
159 views
Monitoring
Security
MySQL

Database audit logs record who did what and when — essential for compliance (SOC2, PCI-DSS, HIPAA) and forensic investigation. Here is how to implement audit logging in MySQL.

MySQL Enterprise Audit Plugin

sql 
-- MySQL Enterprise Edition
INSTALL PLUGIN audit_log SONAME 'audit_log.so';

-- Configure in my.cnf
-- audit_log_policy = ALL
-- audit_log_format = JSON
-- audit_log_file = /var/log/mysql/audit.log

Open Source Alternative: MariaDB Audit Plugin

ini 
[mysqld]
plugin_load_add = server_audit
server_audit_logging = ON
server_audit_events = CONNECT,QUERY
server_audit_file_path = /var/log/mysql/audit.log
server_audit_file_rotate_size = 100000000
server_audit_file_rotations = 5
server_audit_excl_users = 'replication_user,orchestrator'

General Query Log for Development Auditing

sql 
-- Enable general log (high overhead — dev/audit only)
SET GLOBAL general_log = ON;
SET GLOBAL general_log_file = '/var/log/mysql/general.log';

-- Or log to table
SET GLOBAL log_output = 'TABLE';
SELECT * FROM mysql.general_log ORDER BY event_time DESC LIMIT 20;

Application-Level Audit with Triggers

sql 
CREATE TABLE audit_log (
  id BIGINT AUTO_INCREMENT PRIMARY KEY,
  table_name VARCHAR(64),
  operation ENUM('INSERT','UPDATE','DELETE'),
  old_data JSON,
  new_data JSON,
  changed_by VARCHAR(64) DEFAULT user(),
  changed_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE TRIGGER orders_audit AFTER UPDATE ON orders
FOR EACH ROW
INSERT INTO audit_log (table_name, operation, old_data, new_data)
VALUES ('orders', 'UPDATE',
  JSON_OBJECT('status', OLD.status, 'amount', OLD.amount),
  JSON_OBJECT('status', NEW.status, 'amount', NEW.amount));

Shipping Audit Logs to SIEM

bash 
# Forward JSON audit logs to CloudWatch Logs
# In CloudWatch agent config:
# {
#   "file_path": "/var/log/mysql/audit.log",
#   "log_group_name": "/aws/rds/mysql/audit",
#   "log_stream_name": "{instance_id}"
# }

Key Takeaways

  • Use the MariaDB Audit Plugin (free) or MySQL Enterprise Audit for connection and query logging
  • Exclude replication and monitoring users from audit logs to reduce noise
  • JSON format makes audit logs easy to ship to SIEM tools like Splunk or CloudWatch
  • Triggers provide fine-grained application-level auditing for specific tables

JusDB Can Help

Audit logging is a compliance requirement for SOC2, PCI-DSS, and HIPAA. JusDB can implement a complete database audit strategy for your environment.

Share this article

JusDB Team

Official JusDB content team

Need Expert Help?

Need expert help? Our specialists can assist with these related services:

MySQL Performance Tuning

5-15× query speedup via Performance Schema, EXPLAIN ANALYZE, InnoDB buffer pool sizing, slow-query analysis

Learn more

MySQL Consulting

Schema design, InnoDB Cluster, ProxySQL routing, 8.0 → 8.4 upgrades — 1000+ instances managed

Learn more

MySQL Migration

MySQL 5.7 → 8.0/8.4 upgrades, Oracle/MSSQL/PostgreSQL → MySQL, zero-downtime AWS RDS/Aurora cutover

Learn more

MySQL High Availability

InnoDB Cluster, Group Replication, Orchestrator failover, MHA, 99.99% uptime

Learn more

MySQL on Kubernetes

Oracle MySQL Operator, Percona Operator, StatefulSet design for InnoDB Cluster on K8s

Learn more

MySQL Support

24/7 production support: replication breaks, deadlocks, buffer-pool sizing, 15-min Sev-1 SLA

Learn more
Explore all our database services

Related Articles

MySQL Explained (2026): InnoDB, 8.4 LTS, Replication & Production Patterns

May 13, 2026

MySQL "Communications Link Failure": Fix wait_timeout, HikariCP & All 8 Timeout Variables

May 9, 2026

MySQL binlog Retention, Rotation & Purge: Production Guide (2026)

May 9, 2026