Options for MariaDB database engine
Following, you can find descriptions for options, or additional features, that are available for Amazon RDS instances running the MariaDB DB engine. To turn on these options, you add them to a custom option group, and then associate the option group with your DB instance. For more information about working with option groups, see Working with option groups.
Amazon RDS supports the following options for MariaDB:
Option ID | Engine versions |
---|---|
|
MariaDB 10.3 and higher |
MariaDB Audit Plugin support
Amazon RDS supports using the MariaDB Audit Plugin on MariaDB database instances. The MariaDB Audit Plugin records database activity such as users logging on to the database, queries run against the database, and more. The record of database activity is stored in a log file.
Audit Plugin option settings
Amazon RDS supports the following settings for the MariaDB Audit Plugin option.
Note
If you don't configure an option setting in the RDS console, RDS uses the default setting.
Option setting | Valid values | Default value | Description |
---|---|---|---|
|
|
|
The location of the log file. The log file contains the record of the activity specified in |
|
1–1000000000 |
1000000 |
The size in bytes that when reached, causes the file to rotate. For more information, see Log rotation and retention for MariaDB. |
|
0–100 |
9 |
The number of log rotations to save when
|
|
|
|
The types of activity to record in the log. Installing the MariaDB Audit Plugin is itself logged.
|
|
Multiple comma-separated values |
None |
Include only activity from the specified users. By default, activity is recorded for all users.
|
|
Multiple comma-separated values |
None |
Exclude activity from the specified users. By default, activity is recorded for all users.
The Note
|
|
|
|
Logging is active.
The only valid value is |
|
0–2147483647 |
1024 |
The limit on the length of the query string in a record. |
Adding the MariaDB Audit Plugin
The general process for adding the MariaDB Audit Plugin to a DB instance is the following:
Create a new option group, or copy or modify an existing option group.
Add the option to the option group.
Associate the option group with the DB instance.
After you add the MariaDB Audit Plugin, you don't need to restart your DB instance. As soon as the option group is active, auditing begins immediately.
To add the MariaDB Audit Plugin
-
Determine the option group you want to use. You can create a new option group or use an existing option group. If you want to use an existing option group, skip to the next step. Otherwise, create a custom DB option group. Choose mariadb for Engine, and choose 10.3 or higher for Major engine version. For more information, see Creating an option group.
-
Add the MARIADB_AUDIT_PLUGIN option to the option group, and configure the option settings. For more information about adding options, see Adding an option to an option group. For more information about each setting, see Audit Plugin option settings.
-
Apply the option group to a new or existing DB instance.
-
For a new DB instance, you apply the option group when you launch the instance. For more information, see Creating an Amazon RDS DB instance.
-
For an existing DB instance, you apply the option group by modifying the DB instance and attaching the new option group. For more information, see Modifying an Amazon RDS DB instance.
-
Viewing and downloading the MariaDB Audit Plugin log
After you enable the MariaDB Audit Plugin, you access the results in the log files
the same way you access any other text-based log files. The audit log files are located at /rdsdbdata/log/audit/
.
For information about viewing the log file in the console, see Viewing and listing database log files.
For information about downloading the log file, see Downloading a database log file.
Modifying MariaDB Audit Plugin settings
After you enable the MariaDB Audit Plugin, you can modify settings for the plugin. For more information about how to modify option settings, see Modifying an option setting. For more information about each setting, see Audit Plugin option settings.
Removing the MariaDB Audit Plugin
Amazon RDS doesn't support turning off logging in the MariaDB Audit Plugin. However, you can remove the plugin from a DB instance. When you remove the MariaDB Audit Plugin, the DB instance is restarted automatically to stop auditing.
To remove the MariaDB Audit Plugin from a DB instance, do one of the following:
Remove the MariaDB Audit Plugin option from the option group it belongs to. This change affects all DB instances that use the option group. For more information, see Removing an option from an option group
Modify the DB instance and specify a different option group that doesn't include the plugin. This change affects a single DB instance. You can specify the default (empty) option group, or a different custom option group. For more information, see Modifying an Amazon RDS DB instance.