MDEV-18386: Add server_audit_timestamp_format to customize audit log timestamps#4633
MDEV-18386: Add server_audit_timestamp_format to customize audit log timestamps#4633abhishek593 wants to merge 9 commits intoMariaDB:mainfrom
Conversation
gkodinov
added
the
External Contribution
gkodinov
left a comment
gkodinov
left a comment
There was a problem hiding this comment.
This is a preliminary review. Thank you for your contribution!
gkodinov
left a comment
gkodinov
left a comment
There was a problem hiding this comment.
it was a good first iteration. Thanks for working on that. Another round of comments coming up.
gkodinov
left a comment
gkodinov
left a comment
There was a problem hiding this comment.
LGTM after fixing the below. Please expect a final review.
plugin/server_audit/server_audit.cc
Outdated
| NULL, NULL, 1024, 0, 0x7FFFFFFF, 1); | ||
| static MYSQL_SYSVAR_STR(timestamp_format, timestamp_format, | ||
| PLUGIN_VAR_RQCMDARG, | ||
| "The format string the strftime() routine applies with its format argument", |
There was a problem hiding this comment.
I'd say: a format string used to print the timestamp into the audit log messages. The format used is the same as strftime. Default is empty, meaning use the existing hard-coded format.
plugin/server_audit/server_audit.cc
Outdated
| if (timestamp_format_buffer[0]) | ||
| ts_len= strftime(ts_tmp, sizeof(ts_tmp), timestamp_format_buffer, &tm_time); | ||
|
|
||
| if (ts_len == 0) |
There was a problem hiding this comment.
just do "else" here. Easier to read.
plugin/server_audit/server_audit.cc
Outdated
| { | ||
| if (!(is_active= (logger_write(logfile, message, len) == (int) len))) | ||
| struct tm tm_time; | ||
| char ts_tmp[TIMESTAMP_OUTPUT_LENGTH]; |
There was a problem hiding this comment.
256 bytes in the stack ... this is a bit much. I'd allocate a buffer outside of the lock and pass it down. Or, better, it's going at the start of message anyway, can't you just print it there directly instead of using a temp buffer and then memcpy() into it?
There was a problem hiding this comment.
Yeah, so here's what I changed. Removed the temp buffer, and directly stored the output of strftime in message buffer at the beginning, then used memmove to shift the output from the start to the end of reserved space.
plugin/server_audit/server_audit.cc
Outdated
| /** | ||
| Write to the log, acquiring the lock. | ||
| */ | ||
| */ |
There was a problem hiding this comment.
don't do white-space only changes please!
plugin/server_audit/server_audit.cc
Outdated
| const char *userip, unsigned int userip_len, | ||
| unsigned int connection_id, unsigned int port, | ||
| long long query_id, const char *operation) | ||
| const char *serverhost, size_t serverhost_len, |
There was a problem hiding this comment.
no white-space only changes please
plugin/server_audit/server_audit.cc
Outdated
| time_t ctime; | ||
| size_t csize; | ||
| char message[1024]; | ||
| char raw_message[1024 + TIMESTAMP_OUTPUT_LENGTH]; |
There was a problem hiding this comment.
I'd use some named const size_t for the 1k constant
plugin/server_audit/server_audit.cc
Outdated
|
|
||
| (void) time(&ctime); | ||
| csize= log_header(message, sizeof(message)-1, &ctime, | ||
| csize= log_header(message, 1024-1, |
There was a problem hiding this comment.
why do you need to do this? Can't you just pass the actual length as you used to do? And then do the calculation inside this func?
There was a problem hiding this comment.
Previously message was a fixed size array (1024). In the new version, its a pointer to an offset within a large buffer, so we must explicitly pass the correct size (MAX_AUDIT_PAYLOAD_LENGTH).
plugin/server_audit/server_audit.cc
Outdated
| time_t ctime; | ||
| size_t csize; | ||
| char message[1024]; | ||
| char raw_message[1024 + TIMESTAMP_OUTPUT_LENGTH]; |
There was a problem hiding this comment.
same here: use a named constant for 1k
plugin/server_audit/server_audit.cc
Outdated
| timestamp_format); | ||
| CLIENT_ERROR(1, "server_audit_timestamp_format can't exceed %d characters.", | ||
| MYF(ME_WARNING), TIMESTAMP_FORMAT_LENGTH - 1); | ||
| return; |
There was a problem hiding this comment.
validity checks must be done in the check callback, not in the update callbac
plugin/server_audit/server_audit.cc
Outdated
| PLUGIN_VAR_RQCMDARG, | ||
| "A format string used to print the timestamp into the audit log messages " | ||
| "The format used is the same as strftime and the default is empty which uses " | ||
| "the existing hard-coded format", |
There was a problem hiding this comment.
Small issue: don't make it "empty = hard-coded", it's not very intuitive, simply set the default value of timestamp_format to the correct (backward compatible) value.
Big issue: don't use strftime. The server already has date-to-string formatting function DATE_FORMAT(). We should not let different parts of the server to implement formatting differently. For example, %M should always and everywhere have the same meaning.
That is, invoke server's date-to-string function. And to do that, it must be in a service. But, perhaps, you can add a new method to the timezone service and not create a new one.
There was a problem hiding this comment.
I have updated the implementation and added a new method in the timezone service.
vuvova
left a comment
vuvova
left a comment
There was a problem hiding this comment.
Looks quite good. The service is almost correct and its usage is correct. %z should print global time zone. And I don't quite understand why you moved time->string conversion away from log_header
| select 5; | ||
| 5 | ||
| 5 | ||
| set global server_audit_timestamp_format='%Y%m%d %H:%i:%s'; |
There was a problem hiding this comment.
you can try set global server_audit_timestamp_format=default instead
| --plugin-load-add=server_audit | ||
| --server_audit_file_path='server_audit_timestamp.log' | ||
| --server_audit_output_type=file | ||
| --server_audit_events='query' |
There was a problem hiding this comment.
let's test setting of timestamp format on the command line too
| set global server_audit_timestamp_format='CUSTOM-DATE %Y-%m-%d'; | ||
| select 2; | ||
|
|
||
| # Custom format 2: Including timezone (if supported by system strftime) |
There was a problem hiding this comment.
you can now remove references to the "system strftime" from comments
| #endif | ||
| #ifndef MAX_AUDIT_QUERY_LENGTH | ||
| #define MAX_AUDIT_QUERY_LENGTH 2048 | ||
| #endif |
There was a problem hiding this comment.
let's drop these #ifndef/#endif, simply define what you want. Easier to read and we don't really expect anyone to define this outside of the plugin
| str.length(0); | ||
| make_date_time(thd ? thd : current_thd, &fmt, ltime, MYSQL_TIMESTAMP_DATETIME, | ||
| thd ? thd->variables.lc_time_names : | ||
| global_system_variables.lc_time_names, |
There was a problem hiding this comment.
The service is good. How you use it is good. It is very correct to pass NULL as the thd here:
thd_gmt_sec_to_TIME(NULL, <ime, ts);
...
thd_TIME_to_str(NULL, <ime, timestamp_format_buffer,which means "use global time zone and locale", because session settings should not affect the global audit log.
But make_date_time() uses session time zone for %z format. I suspect you need to modify make_date_time to take a time zone as an argument, just as it takes locale.
| "%04d%02d%02d %02d:%02d:%02d,%.*s,%.*s,%.*s%s,%d,%lld,%s", | ||
| tm_time.tm_year+1900, tm_time.tm_mon+1, tm_time.tm_mday, | ||
| tm_time.tm_hour, tm_time.tm_min, tm_time.tm_sec, | ||
| ",%.*s,%.*s,%.*s%s,%d,%lld,%s", |
There was a problem hiding this comment.
I thought it'd be natural to generate the timestamp string here and print like
"%s,%.*s,%.*s,%.*s%s,%d,%lld,%s", ts_start, ...
Why did you move it to write_log() ?
3 participants
This PR adds a new global system variable, server_audit_timestamp_format, to the MariaDB Audit Plugin.
Key changes: