MySQL Shell : send SQL statements to syslog

From MySQL Shell 8.0.24, it’s possible to log all the SQL statements issued in MySQL Shell.

Everything is well documented in the dedicated manual section: System Logging for SQL Statements.

Let’s see it in action. We will first start MySQL Shell with --syslog option:

$ mysqlsh --syslog --sql root@localhost

We enter a statement:

MySQL  localhost:33060+   2021-04-30 09:18:39 
SQL  show databases;
+-------------------------------+
| Database                      |
+-------------------------------+
| bookstore                     |
| clusterdemo                   |
...

And we can verify in syslog if something has been logged. I use Systemd and Journald therefor I will use journaclt to query syslog:

$ journalctl $(which mysqlsh)
-- Journal begins at Wed 2021-04-28 18:34:16 CEST, ends at Fri 2021-04-30 09:20:35 CEST. --
Apr 30 09:18:43 imac mysqlsh[256214]: SYSTEM_USER=fred MYSQL_USER=root 
                                      CONNECTION_ID=15 DB_SERVER=localhost DB='--' 
                                      QUERY='show databases;'

Excellent this is what we were looking for. We have some important information like the system user and the MySQL user, and of course the query.

The manual states that SQL statements that would be excluded from the MySQL Shell code history are also excluded from the system logging facility. What are those statements ?

In JS mode, get all the options like this:

JS  shell.options

And the entry we are looking for is "history.sql.ignorePattern":

"history.sql.ignorePattern": "*IDENTIFIED*:*PASSWORD*",

So those SQL statement having INDENTIFIED or PASSWORD in them won’t be saved in the history neither sent to syslog.

Will it be possible to enable this feature each time I start MySQL Shell… and as I am very use to it, I’m pretty sure I will forget to add --syslog each time.

The answer is… YES of course 😉

Like other options, you can configure it and persist it like this:

JS  shell.options.setPersist("history.sql.syslog", 1)

This means that if you have started mysqlsh with --syslog, it’s also possible to disable it for the current session and re-enable it like this:

JS  shell.options.set("history.sql.syslog", 0)

JS  shell.options.set("history.sql.syslog", 1)

This feature is very useful to track who did what on the system. I think it would be a great idea to extend it to the other modes (JavaScript & Python) and also non-interactive commands from a script or from command line.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

follow me

Subscribe to Blog via Email

Leave a ReplyCancel Reply