Purpose
AUDIT_LOG_FILTER_SET_FILTER() creates a trigger.
Applicability
This topic applies only to OceanBase Database Enterprise Edition. OceanBase Database Community Edition does not support security audit.
Syntax
AUDIT_LOG_FILTER_SET_FILTER('filter_name', 'definition_of_filters');
Description
Parameters
filter_name: the name of the filter.Note
The
AUDIT_LOG_FILTER_SET_FILTERfunction adopts theCREATE OR REPLACEsemantics. It overwrites an existing object when you perform a DDL operation on the object.definition_of_filters: the definition of the audit filter, which is expressed in the JSON format. The filter design principle in the current version is compatible with that of MySQL. However, a filter can filter audit events only by event type. Here are some examples of defining filters:A filter to specify to record all events
{ "filter": { "log": true } }A filter to specify to record none of the events
{ "filter": { "log": false } }A filter to specify to record only logins and logouts
{ "filter": { "log": true, "class": [ { "name": "connection" } ] } }An alternative of a filter to specify to record all events
{ "filter": { "log": true, "class": [ { "name": "connection" }, { "name": "general" }, { "name": "table_access" } ] } }
The following table describes the types of audit events.
| Event type | Description |
|---|---|
| connection | A login/logout. |
| table_access | Execution of a DML statement. |
| general | A parser error of a CMD command. |
Return value
The input of the function must be a string constant and the output is a string.
- If the DDL operation is successful, the expression returns
OK. - If the DDL operation fails, the
SELECTstatement is still successfully executed, and the expression outputs an error message.
Examples
Create a filter named
log_allto specify to record all events.SELECT AUDIT_LOG_FILTER_SET_FILTER('log_all', '{ "filter": { "log": true } }');The return result is as follows:
+-------------------------------------------------------------------------+ | AUDIT_LOG_FILTER_SET_FILTER('log_all', '{ "filter": { "log": true } }') | +-------------------------------------------------------------------------+ | OK | +-------------------------------------------------------------------------+ 1 row in setIf the DDL operation fails, the
SELECTstatement is still successfully executed, and the expression outputs an error message.SELECT AUDIT_LOG_FILTER_SET_FILTER('log_err', '1');The return result is as follows:
+---------------------------------------------+ | AUDIT_LOG_FILTER_SET_FILTER('log_err', '1') | +---------------------------------------------+ | ERROR: JSON parsing error. | +---------------------------------------------+ 1 row in set