MYSQLAUDITGREP(1)               MySQL Utilities              MYSQLAUDITGREP(1)

NAME

       mysqlauditgrep - Search an audit log

SYNOPSIS

       mysqlauditgrep [OPTIONS]... AUDIT_LOG_FILE

       mysqlauditgrep --file-stats [--format=FORMAT] AUDIT_LOG_FILE

       mysqlauditgrep --format=FORMAT AUDIT_LOG_FILE

       mysqlauditgrep [--users=USERS] [--start-date=START_DATE]
                      [--end-date=END_DATE] [--pattern=PATTERN [--regexp]]
                      [--query-type=QUERY_TYPE] [--event-type=EVENT_TYPE]
                      [--status=STATUS] [--format=FORMAT] AUDIT_LOG_FILE

DESCRIPTION

       This utility allows you to search the current or archived audit logs
       and display data from the audit log file according to the defined
       search criteria. It can output the results in different formats,
       namely GRID (default), TAB, CSV, VERTICAL, and RAW (the original XML
       format).

       This utility allows you to search and filter the returned audit log
       records by: users (--users), date and time ranges (--start-date and
       --end-date), SQL query types (--query-type), logged event and record
       types (--event-type), status (--status), and matching patterns
       (--pattern). Any of these search options can be combined; a record is
       returned only if it satisfies all of the options passed in.

       The --pattern option supports two types of pattern matching: standard
       SQL patterns, as used with the SQL LIKE operator, and standard REGEXP
       patterns (POSIX regular expressions).

       This utility always requires an audit log file, so the AUDIT_LOG_FILE
       argument is read as the full path and file name of the audit log
       file. If it is not specified, a notification concerning this
       requirement is printed. If --format is passed in without search
       parameters, all the records of the audit log are displayed in the
       specified format.

       The --file-stats option is not a search criterion; it displays the
       file statistics of the specified audit log. Other search options are
       ignored when --file-stats is used, except that --format still
       formats the results.

       To specify the format of the generated results, use one of the
       following values with the --format option:

       ·   GRID (default)

           Display output in grid or table format like that of the mysql
           client command-line tool.

       ·   CSV

           Display output in comma-separated values format.

       ·   VERTICAL

           Display output in single-column format like that of the \G command
           for the mysql client command-line tool.

       ·   RAW

           Display output results in the original raw format of the audit log
           records, which is written in XML.

   Standard SQL Pattern Matching
       The simple patterns defined by the SQL standard give two characters
       special meanings: “%” (percent) matches zero or more characters, and
       “_” (underscore) matches exactly one arbitrary character. In standard
       SQL, these patterns are used with the LIKE comparison operator, and
       they are case-insensitive by default. This utility assumes that they
       are case-insensitive.

       For example:

       ·   "audit%"

           Match any string that starts with "audit".

       ·   "%log%"

           Match any string containing the word "log".

       ·   "%_"

           Match any string consisting of one or more characters.

       For documentation about the standard SQL pattern matching syntax, see
       Pattern Matching[1].

   REGEXP Pattern Matching (POSIX)
       Standard REGEXP patterns are more powerful than the simple patterns
       defined in the SQL standard. A regular expression is a string of
       ordinary and special characters specified to match other strings.
       Unlike SQL patterns, REGEXP patterns are case-sensitive. The REGEXP
       syntax defines the following characters with special meaning:

       ·   .

           Match any character.

       ·   ^

           Match the beginning of a string.

       ·   $

           Match the end of a string.

       ·   *

           Match zero or more repetitions of the preceding regular expression.

       ·   +

           Match one or more repetitions of the preceding regular expression.

       ·   ?

           Match zero or one repetition of the preceding regular expression.

       ·   |

           Match either the regular expression on the left or the one on the
           right of |.

       ·   []

           Indicates a set of characters to match.

               Note
               Special characters lose their special meaning inside sets. In
               particular, the caret symbol (^) acquires a different meaning
               if it is the first character of the set, matching the
               complementary set (i.e., all the characters that are not in the
               set will be matched).

       ·   {m}

           Match m repetitions of the preceding regular expression.

       ·   {m,n}

           Match from m to n repetitions of the preceding regular expression.

       ·   ()

           Define a matching group, and match the regular expression inside
           the parentheses.

       For example:

       ·   "a*"

           Match a sequence of zero or more a.

       ·   "a+"

           Match a sequence of one or more a.

       ·   "a?"

           Match zero or one a.

       ·   "ab|cd"

           Match ab or cd.

       ·   "[axy]"

           Match a, x or y.

       ·   "[a-f]"

           Match any character in the range a to f (that is, a, b, c, d, e, or
           f).

       ·   "[^axy]"

           Match any character except a, x or y.

       ·   "a{5}"

           Match exactly five copies of a.

       ·   "a{2,5}"

           Match from two to five copies of a.

       ·   "(abc)+"

           Match one or more repetitions of abc.

       This is a brief overview of the regular expressions that can be used
       to define this type of pattern. The full syntax, which supports much
       more complex pattern matching expressions, is described in the Python
       "re" module docs[2].

OPTIONS
       mysqlauditgrep accepts the following command-line options:

       ·   --end-date=<END_DATE>

           End date/time: retrieve log entries up to the specified
           date/time. If not specified or the value is 0, all entries to the
           end of the log are displayed. Accepted formats:
           "yyyy-mm-ddThh:mm:ss" or "yyyy-mm-dd".

       ·   --event-type=<EVENT_TYPE>

           Comma-separated list of event types; all audit log records
           matching the specified types are returned. Supported values are:
           Audit, Binlog Dump, Change user, Close stmt, Connect Out, Connect,
           Create DB, Daemon, Debug, Delayed insert, Drop DB, Execute, Fetch,
           Field List, Init DB, Kill, Long Data, NoAudit, Ping, Prepare,
           Processlist, Query, Quit, Refresh, Register Slave, Reset stmt, Set
           option, Shutdown, Sleep, Statistics, Table Dump, Time.

       ·   --file-stats

           Display the audit log file statistics.

       ·   --format=FORMAT, -f FORMAT

           Output format to display the resulting data. Supported format
           values: GRID (default), TAB, CSV, VERTICAL and RAW.

       ·   --help

           Display a help message and exit.

       ·   --license

           Display license information and exit.

       ·   --pattern=<PATTERN>, -e <PATTERN>

           Search pattern to retrieve all entries with at least one attribute
           value matching the specified pattern. By default the standard SQL
           LIKE patterns are used for matching. If the --regexp option is set,
           then REGEXP patterns must be specified for matching.

       ·   --query-type=<QUERY_TYPE>

           Comma-separated list of SQL statements/commands to search for and
           match. Supported values: CREATE, ALTER, DROP, TRUNCATE, RENAME,
           GRANT, REVOKE, SELECT, INSERT, UPDATE, DELETE, COMMIT, SHOW, SET,
           CALL, PREPARE, EXECUTE, DEALLOCATE.

       ·   --regexp, --basic-regexp, -G

           Indicates that pattern matching will be performed using a regular
           expression REGEXP (from the Python re module). By default, the
           simple standard SQL LIKE patterns are used for matching. This
           affects how the value specified by the --pattern option is
           interpreted.

       ·   --start-date=<START_DATE>

           Starting date/time: retrieve log entries from the specified
           date/time onward. If not specified or the value is 0, all entries
           from the start of the log are displayed. Accepted formats:
           yyyy-mm-ddThh:mm:ss or yyyy-mm-dd.

       ·   --status=<STATUS>

           Comma-separated list of status values or intervals; all audit log
           records with a matching status are returned. Status values are
           non-negative integers (corresponding to MySQL error codes). Status
           intervals are closed (i.e., include both endpoints) and are
           defined with a dash between their endpoints. For example:
           1051,1068-1075,1109,1146.

           The --status option is available as of MySQL Utilities 1.2.4 /
           1.3.3.

       ·   --users=<USERS>, -u <USERS>

           Comma-separated list of user names, to search for their associated
           log entries. For example: "dan,jon,john,paul,philip,stefan".

       ·   --verbose, -v

           Specify how much information to display. Use this option multiple
           times to increase the amount of information. For example, -v =
           verbose, -vv = more verbose, -vvv = debug.

       ·   --version

           Display version information and exit.
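       The following Python example, added here and not taken from the
       utility's source, shows how the search options above combine: closed
       --status intervals, the two accepted date formats, and the rule that
       a record must satisfy every option passed in. The function names and
       sample records are constructed; matching --users against both USER
       and PRIV_USER and reading a date-only --end-date as midnight are
       assumptions inferred from the output shown under EXAMPLES.

```python
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"


def rec(status, name, ts, user, priv_user, sqltext=None):
    """Build one constructed audit record (keys follow the output columns)."""
    return {"STATUS": status, "NAME": name, "TIMESTAMP": ts,
            "USER": user, "PRIV_USER": priv_user, "SQLTEXT": sqltext}


# Constructed sample, modelled on rows shown in this page's EXAMPLES output.
RECORDS = [
    rec(0, "Quit", "2012-09-27T13:34:48", "root", "root"),
    rec(0, "Connect", "2012-09-28T11:26:50", "root", "tester1"),
    rec(0, "Query", "2012-09-28T11:26:50", "root", "tester1", "COMMIT"),
    rec(0, "Query", "2012-10-10T15:56:10", "tester2", "root", "show databases"),
    rec(1046, "Query", "2012-10-10T15:57:26", "tester2", "root", "show tables test"),
    rec(1046, "Query", "2012-10-10T15:57:36", "tester2", "root", "show tables test"),
    rec(0, "Query", "2012-10-10T15:57:51", "tester2", "root", "show tables in test"),
]


def parse_status_spec(spec):
    """Parse '1051,1068-1075' into closed (low, high) intervals."""
    intervals = []
    for item in spec.split(","):
        low, dash, high = item.strip().partition("-")
        # Only non-negative integers are valid, so '-5' and '10-' are rejected.
        if not low.isdigit() or (dash and not high.isdigit()):
            raise ValueError("invalid status value or interval: %r" % item)
        lo = int(low)
        hi = int(high) if dash else lo
        if lo > hi:
            raise ValueError("interval endpoints reversed: %r" % item)
        intervals.append((lo, hi))
    return intervals


def parse_date(value):
    """Accept yyyy-mm-ddThh:mm:ss or yyyy-mm-dd; None or 0 means no bound."""
    if value in (None, 0, "0"):
        return None
    for fmt in (TS_FORMAT, "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt)  # date-only -> 00:00:00
        except ValueError:
            continue
    raise ValueError("unsupported date/time format: %r" % value)


def filter_records(records, users=None, status=None, start_date=None,
                   end_date=None, query_types=None):
    """Return the records that satisfy every criterion that was passed in."""
    wanted = set(u.strip() for u in users.split(",")) if users else None
    intervals = parse_status_spec(status) if status else None
    start, end = parse_date(start_date), parse_date(end_date)
    verbs = None
    if query_types:
        verbs = set(q.strip().upper() for q in query_types.split(","))
    selected = []
    for r in records:
        ts = datetime.strptime(r["TIMESTAMP"], TS_FORMAT)
        words = (r["SQLTEXT"] or "").split()
        verb = words[0].upper() if words else ""
        # Assumption from the --users output: USER or PRIV_USER may match.
        if wanted is not None and not wanted & {r["USER"], r["PRIV_USER"]}:
            continue
        # Closed intervals: both endpoints are part of the match.
        if intervals is not None and not any(
                lo <= r["STATUS"] <= hi for lo, hi in intervals):
            continue
        if start is not None and ts < start:
            continue
        # A date-only end bound is midnight, so that day's records drop out.
        if end is not None and ts > end:
            continue
        if verbs is not None and verb not in verbs:
            continue
        selected.append(r)
    return selected
```

       When reviewing refused access, MySQL error codes 1044, 1045 and 1142
       are the access-denied errors, so a status list such as 1044-1045,1142
       isolates denied connections and statements.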

NOTES
       This utility is available as of MySQL Utilities 1.2.0.

       This utility can only be applied to servers with the audit log plugin
       enabled[3]. The audit log plugin is available as of MySQL Server
       versions 5.5.28 and 5.6.10.

       This utility supports both of the existing audit log file formats
       (old and new). The new audit log format is supported as of MySQL
       Utilities 1.4.3. See The Audit Log File[4] for more information about
       available file formats.

       This utility requires the use of Python version 2.6 or higher, but does
       not support Python 3.

       Single or double quote characters (respectively, ' or ") can be used
       around option values. In fact, quotes are required to set some option
       values correctly, such as values with whitespace. For example, to
       specify the event types Create DB and Drop DB for the --event-type
       option, the following syntax must be used:
       --event-type='Create DB,Drop DB' or --event-type="Create DB,Drop DB".

EXAMPLES
       To display the audit log file statistics and output the results in CSV
       format, run the following command:

           shell> mysqlauditgrep --file-stats --format=CSV /SERVER/data/audit.log
             #
             # Audit Log File Statistics:
             #
             File,Size,Created,Last Modified
             audit.log,9101,Thu Sep 27 13:33:11 2012,Thu Oct 11 17:40:35 2012
             #
             # Audit Log Startup Entries:
             #
             SERVER_ID,STARTUP_OPTIONS,NAME,TIMESTAMP,MYSQL_VERSION,OS_VERSION,VERSION
             1,/SERVER/sql/mysqld --defaults-file=/SERVER/my.cnf,Audit,2012-09-27T13:33:11,5.5.29-log,x86_64-Linux,1

       To display the audit log entries of specific users, use the following
       command:

           shell> mysqlauditgrep --users=tester1,tester2 /SERVER/data/audit.log
             +---------+------------+----------+----------------------+----------------+------------+----------+------------+------------+----------------------------------+
             | STATUS  | SERVER_ID  | NAME     | TIMESTAMP            | CONNECTION_ID  | HOST       | USER     | PRIV_USER  | IP         | SQLTEXT                          |
             +---------+------------+----------+----------------------+----------------+------------+----------+------------+------------+----------------------------------+
             | 0       | 1          | Connect  | 2012-09-28T11:26:50  | 9              | localhost  | root     | tester1    | 127.0.0.1  | None                             |
             | 0       | 1          | Query    | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | SET @@session.autocommit = OFF   |
             | 0       | 1          | Ping     | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | None                             |
             | 0       | 1          | Query    | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | SHOW VARIABLES LIKE 'READ_ONLY'  |
             | 0       | 1          | Query    | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | COMMIT                           |
             | 0       | 1          | Ping     | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | None                             |
             | 0       | 1          | Query    | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | COMMIT                           |
             | 0       | 1          | Quit     | 2012-09-28T11:26:50  | 9              | None       | root     | tester1    | None       | None                             |
             | 0       | 1          | Connect  | 2012-10-10T15:55:55  | 11             | localhost  | tester2  | root       | 127.0.0.1  | None                             |
             | 0       | 1          | Query    | 2012-10-10T15:55:55  | 11             | None       | tester2  | root       | None       | select @@version_comment limit 1 |
             | 0       | 1          | Query    | 2012-10-10T15:56:10  | 11             | None       | tester2  | root       | None       | show databases                   |
             | 1046    | 1          | Query    | 2012-10-10T15:57:26  | 11             | None       | tester2  | root       | None       | show tables test                 |
             | 1046    | 1          | Query    | 2012-10-10T15:57:36  | 11             | None       | tester2  | root       | None       | show tables test                 |
             | 0       | 1          | Query    | 2012-10-10T15:57:51  | 11             | None       | tester2  | root       | None       | show tables in test              |
             | 0       | 1          | Quit     | 2012-10-10T15:57:59  | 11             | None       | tester2  | root       | None       | None                             |
             | 0       | 1          | Connect  | 2012-10-10T17:35:42  | 12             | localhost  | tester2  | root       | 127.0.0.1  | None                             |
             | 0       | 1          | Query    | 2012-10-10T17:35:42  | 12             | None       | tester2  | root       | None       | select @@version_comment limit 1 |
             | 0       | 1          | Quit     | 2012-10-10T17:47:22  | 12             | None       | tester2  | root       | None       | None                             |
             +---------+------------+----------+----------------------+----------------+------------+----------+------------+------------+----------------------------------+

       To display the audit log entries for a specific date/time range, use
       the following command:

           shell> mysqlauditgrep --start-date=2012-09-27T13:33:47 --end-date=2012-09-28 /SERVER/data/audit.log
             +---------+----------------------+--------+----------------+---------------------------------------------------------------------------+
             | STATUS  | TIMESTAMP            | NAME   | CONNECTION_ID  | SQLTEXT                                                                   |
             +---------+----------------------+--------+----------------+---------------------------------------------------------------------------+
             | 0       | 2012-09-27T13:33:47  | Ping   | 7              | None                                                                      |
             | 0       | 2012-09-27T13:33:47  | Query  | 7              | SELECT * FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'audit%'  |
             | 0       | 2012-09-27T13:33:47  | Query  | 7              | COMMIT                                                                    |
             | 0       | 2012-09-27T13:34:48  | Quit   | 7              | None                                                                      |
             | 0       | 2012-09-27T13:34:48  | Quit   | 8              | None                                                                      |
             +---------+----------------------+--------+----------------+---------------------------------------------------------------------------+

       To display the audit log entries matching a specific SQL LIKE pattern,
       use the following command:

           shell> mysqlauditgrep --pattern="% = ___" /SERVER/data/audit.log
             +---------+----------------------+--------+---------------------------------+----------------+
             | STATUS  | TIMESTAMP            | NAME   | SQLTEXT                         | CONNECTION_ID  |
             +---------+----------------------+--------+---------------------------------+----------------+
             | 0       | 2012-09-27T13:33:39  | Query  | SET @@session.autocommit = OFF  | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SET @@session.autocommit = OFF  | 8              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@session.autocommit = OFF  | 9              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@session.autocommit = OFF  | 10             |
             +---------+----------------------+--------+---------------------------------+----------------+

       To display the audit log entries matching a specific REGEXP pattern,
       use the following command:

           shell> mysqlauditgrep --pattern=".* = ..." --regexp /SERVER/data/audit.log
             +---------+----------------------+--------+---------------------------------+----------------+
             | STATUS  | TIMESTAMP            | NAME   | SQLTEXT                         | CONNECTION_ID  |
             +---------+----------------------+--------+---------------------------------+----------------+
             | 0       | 2012-09-27T13:33:39  | Query  | SET @@session.autocommit = OFF  | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SET @@session.autocommit = OFF  | 8              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@session.autocommit = OFF  | 9              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@session.autocommit = OFF  | 10             |
             +---------+----------------------+--------+---------------------------------+----------------+

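       The two pattern commands above return the same rows, but the two
       modes differ in case handling and in how literal characters are
       treated. The Python example below is added here to show that
       difference and is not the utility's own code; the function names and
       records are constructed, and applying the REGEXP with re.match
       (anchored at the start of the value only) is an assumption.

```python
import re

# Constructed records: keys follow the column headers of the output above,
# SQLTEXT values are copied from rows shown in this page's examples.
RECORDS = [
    {"NAME": "Query", "CONNECTION_ID": "7",
     "SQLTEXT": "SET @@session.autocommit = OFF"},
    {"NAME": "Query", "CONNECTION_ID": "10",
     "SQLTEXT": "SET @@GLOBAL.audit_log_flush = ON"},
    {"NAME": "Query", "CONNECTION_ID": "10",
     "SQLTEXT": "SHOW VARIABLES LIKE 'READ_ONLY'"},
    {"NAME": "Query", "CONNECTION_ID": "11",
     "SQLTEXT": "show databases"},
    {"NAME": "Ping", "CONNECTION_ID": "10", "SQLTEXT": None},
]


def like_to_regex(like_pattern):
    """Translate a SQL LIKE pattern into a compiled regular expression.

    % becomes "any run of characters" and _ becomes "exactly one character".
    Every other character is escaped, so regex metacharacters such as '.'
    in '@@session.autocommit' stay literal. The pattern has to cover the
    whole value and ignores case, as LIKE does.
    """
    out = []
    for ch in like_pattern:
        if ch == "%":
            out.append(".*")
        elif ch == "_":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out) + r"\Z", re.IGNORECASE | re.DOTALL)


def compile_pattern(pattern, use_regexp=False):
    """Build the matcher for a --pattern value, honouring --regexp."""
    if use_regexp:
        return re.compile(pattern)  # REGEXP mode is case-sensitive
    return like_to_regex(pattern)


def search(records, pattern, use_regexp=False):
    """Return records with at least one attribute value matching."""
    matcher = compile_pattern(pattern, use_regexp)
    return [r for r in records
            if any(v is not None and matcher.match(v) for v in r.values())]


def connection_ids(records):
    """Helper for compact comparison of result sets."""
    return [r["CONNECTION_ID"] for r in records]


if __name__ == "__main__":
    # Same rows from both modes for the patterns used on this page.
    print(connection_ids(search(RECORDS, "% = ___")))
    print(connection_ids(search(RECORDS, ".* = ...", use_regexp=True)))
    # Case handling differs: LIKE finds SHOW and show, REGEXP only show.
    print(connection_ids(search(RECORDS, "show%")))
    print(connection_ids(search(RECORDS, "show.*", use_regexp=True)))
```

       When searching with --regexp for statements that may be written in
       either case, spell the alternatives out in the pattern, for example
       "[Ss][Hh][Oo][Ww].*".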
       To display the audit log entries of specific query types, use the
       following command:

           shell> mysqlauditgrep --query-type=show,SET /SERVER/data/audit.log
             +---------+----------------------+--------+-------------------------------------------------+----------------+
             | STATUS  | TIMESTAMP            | NAME   | SQLTEXT                                         | CONNECTION_ID  |
             +---------+----------------------+--------+-------------------------------------------------+----------------+
             | 0       | 2012-09-27T13:33:39  | Query  | SET NAMES 'latin1' COLLATE 'latin1_swedish_ci'  | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SET @@session.autocommit = OFF                  | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SHOW VARIABLES LIKE 'READ_ONLY'                 | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SHOW VARIABLES LIKE 'datadir'                   | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SHOW VARIABLES LIKE 'basedir'                   | 7              |
             | 0       | 2012-09-27T13:33:39  | Query  | SET NAMES 'latin1' COLLATE 'latin1_swedish_ci'  | 8              |
             | 0       | 2012-09-27T13:33:39  | Query  | SET @@session.autocommit = OFF                  | 8              |
             | 0       | 2012-09-27T13:33:39  | Query  | SHOW VARIABLES LIKE 'READ_ONLY'                 | 8              |
             | 0       | 2012-09-27T13:33:39  | Query  | SHOW VARIABLES LIKE 'basedir'                   | 8              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET NAMES 'latin1' COLLATE 'latin1_swedish_ci'  | 9              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@session.autocommit = OFF                  | 9              |
             | 0       | 2012-09-28T11:26:50  | Query  | SHOW VARIABLES LIKE 'READ_ONLY'                 | 9              |
             | 0       | 2012-09-28T11:26:50  | Query  | SET NAMES 'latin1' COLLATE 'latin1_swedish_ci'  | 10             |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@session.autocommit = OFF                  | 10             |
             | 0       | 2012-09-28T11:26:50  | Query  | SHOW VARIABLES LIKE 'READ_ONLY'                 | 10             |
             | 0       | 2012-09-28T11:26:50  | Query  | SET @@GLOBAL.audit_log_flush = ON               | 10             |
             | 0       | 2012-09-28T11:26:50  | Query  | SHOW VARIABLES LIKE 'audit_log_policy'          | 10             |
             | 0       | 2012-09-28T11:26:50  | Query  | SHOW VARIABLES LIKE 'audit_log_rotate_on_size'  | 10             |
             | 0       | 2012-10-10T15:56:10  | Query  | show databases                                  | 11             |
             | 1046    | 2012-10-10T15:57:26  | Query  | show tables test                                | 11             |
             | 1046    | 2012-10-10T15:57:36  | Query  | show tables test                                | 11             |
             | 0       | 2012-10-10T15:57:51  | Query  | show tables in test                             | 11             |
             +---------+----------------------+--------+-------------------------------------------------+----------------+

       To display the audit log entries of specific event types, use the
       following command:

           shell> mysqlauditgrep --event-type="Ping,Connect" /SERVER/data/audit.log
             +---------+----------+----------------------+----------------+------------+---------+------------+------------+
             | STATUS  | NAME     | TIMESTAMP            | CONNECTION_ID  | HOST       | USER    | PRIV_USER  | IP         |
             +---------+----------+----------------------+----------------+------------+---------+------------+------------+
             | 0       | Connect  | 2012-09-27T13:33:39  | 7              | localhost  | root    | root       | 127.0.0.1  |
             | 0       | Ping     | 2012-09-27T13:33:39  | 7              | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-27T13:33:39  | 7              | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-27T13:33:39  | 7              | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-27T13:33:39  | 7              | None       | None    | None       | None       |
             | 0       | Connect  | 2012-09-27T13:33:39  | 8              | localhost  | root    | root       | 127.0.0.1  |
             | 0       | Ping     | 2012-09-27T13:33:39  | 8              | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-27T13:33:39  | 8              | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-27T13:33:47  | 7              | None       | None    | None       | None       |
             | 0       | Connect  | 2012-09-28T11:26:50  | 9              | localhost  | root    | tester     | 127.0.0.1  |
             | 0       | Ping     | 2012-09-28T11:26:50  | 9              | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-28T11:26:50  | 9              | None       | None    | None       | None       |
             | 0       | Connect  | 2012-09-28T11:26:50  | 10             | localhost  | root    | root       | 127.0.0.1  |
             | 0       | Ping     | 2012-09-28T11:26:50  | 10             | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-28T11:26:50  | 10             | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-28T11:26:50  | 10             | None       | None    | None       | None       |
             | 0       | Ping     | 2012-09-28T11:26:50  | 10             | None       | None    | None       | None       |
464             | 0       | Ping     | 2012-09-28T11:26:50  | 10             | None       | None    | None       | None       |
465             | 0       | Connect  | 2012-10-10T15:55:55  | 11             | localhost  | tester  | root       | 127.0.0.1  |
466             | 0       | Connect  | 2012-10-10T17:35:42  | 12             | localhost  | tester  | root       | 127.0.0.1  |
467             +---------+----------+----------------------+----------------+------------+---------+------------+------------+
468
       To display the audit log entries with a specific status, use the
       following command:

           shell> mysqlauditgrep --status=1100-1199,1046 /SERVER/data/audit.log
             +---------+----------------------+--------+---------------------------------------------------------------------+----------------+
             | STATUS  | TIMESTAMP            | NAME   | SQLTEXT                                                             | CONNECTION_ID  |
             +---------+----------------------+--------+---------------------------------------------------------------------+----------------+
             | 1046    | 2012-10-10T15:57:26  | Query  | show tables test                                                    | 11             |
             | 1046    | 2012-10-10T15:57:36  | Query  | show tables test                                                    | 11             |
             | 1146    | 2012-10-10T17:44:55  | Query  | select * from teste.employees where salary > 500 and salary < 1000  | 12             |
             | 1046    | 2012-10-10T17:47:17  | Query  | select * from test_encoding where value = '<>"&'                    | 12             |
             +---------+----------------------+--------+---------------------------------------------------------------------+----------------+


           Note
           You can view all successful commands with --status=0, and all
           unsuccessful commands with --status=1-9999.

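       The status filter and grid output shown above can be post-processed
       to see which connections are producing the errors. The following
       Python sketch is an added example, not part of MySQL Utilities: it
       parses grid-format output and counts matching statuses per connection.
       The sample table is constructed, the function names are hypothetical,
       and status ranges are assumed to be inclusive.

```python
from collections import Counter

# Constructed sample in the grid layout shown above; the last row's SQLTEXT
# contains a '|' to show why cells are cut at the border offsets.
SAMPLE = """
+---------+----------------------+--------+----------------------------+----------------+
| STATUS  | TIMESTAMP            | NAME   | SQLTEXT                    | CONNECTION_ID  |
+---------+----------------------+--------+----------------------------+----------------+
| 1046    | 2012-10-10T15:57:26  | Query  | show tables test           | 11             |
| 1046    | 2012-10-10T15:57:36  | Query  | show tables test           | 11             |
| 0       | 2012-10-10T15:57:51  | Query  | show tables in test        | 11             |
| 1146    | 2012-10-10T17:44:55  | Query  | select a | b from teste.t  | 12             |
+---------+----------------------+--------+----------------------------+----------------+
"""

def parse_status_spec(spec):
    """'1100-1199,1046' -> [(1100, 1199), (1046, 1046)]; ranges assumed inclusive."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def parse_grid(text):
    """Parse grid output into dicts, slicing cells at the '+' offsets of the border."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    border = next(ln for ln in lines if ln.startswith("+"))
    cuts = [i for i, ch in enumerate(border) if ch == "+"]
    table = [[ln[a + 1:b].strip() for a, b in zip(cuts, cuts[1:])]
             for ln in lines if ln.startswith("|")]
    return [dict(zip(table[0], row)) for row in table[1:]]

def failures_by_connection(rows, spec="1-9999"):
    """Count matching statuses per (CONNECTION_ID, STATUS) pair."""
    ranges = parse_status_spec(spec)
    counts = Counter()
    for row in rows:
        status = int(row["STATUS"])
        if any(low <= status <= high for low, high in ranges):
            counts[(row["CONNECTION_ID"], row["STATUS"])] += 1
    return counts

if __name__ == "__main__":
    for (conn, status), n in failures_by_connection(parse_grid(SAMPLE)).most_common():
        print(f"connection {conn}: status {status} x{n}")
```
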
       To display the audit log entries matching several search criteria, use
       the following command:

           shell> mysqlauditgrep --users=root --start-date=0 --end-date=2012-10-10 --event-type=Query \
                  --query-type=SET --status=0 --pattern="%audit_log%" /SERVER/data/audit.log
             +---------+------------+--------+----------------------+----------------+-------+------------+------------------------------------+
             | STATUS  | SERVER_ID  | NAME   | TIMESTAMP            | CONNECTION_ID  | USER  | PRIV_USER  | SQLTEXT                            |
             +---------+------------+--------+----------------------+----------------+-------+------------+------------------------------------+
             | 0       | 1          | Query  | 2012-09-28T11:26:50  | 10             | root  | root       | SET @@GLOBAL.audit_log_flush = ON  |
             +---------+------------+--------+----------------------+----------------+-------+------------+------------------------------------+

       PERMISSIONS REQUIRED

       The user must have permissions to read the audit log on disk.


COPYRIGHT

       Copyright © 2006, 2015, Oracle and/or its affiliates. All rights
       reserved.

       This documentation is free software; you can redistribute it and/or
       modify it only under the terms of the GNU General Public License as
       published by the Free Software Foundation; version 2 of the License.

       This documentation is distributed in the hope that it will be useful,
       but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with the program; if not, write to the Free Software Foundation, Inc.,
       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or see
       http://www.gnu.org/licenses/.



NOTES

        1. Pattern Matching
           http://dev.mysql.com/doc/refman/5.6/en/pattern-matching.html

        2. Python "re" module docs
           http://docs.python.org/2/library/re.html

        3. audit log plugin enabled
           http://dev.mysql.com/doc/refman/5.6/en/audit-log-plugin-installation.html

        4. The Audit Log File
           http://dev.mysql.com/doc/refman/5.6/en/audit-log-file.html


SEE ALSO

       For more information, please refer to the MySQL Utilities and Fabric
       documentation, which is available online at
       http://dev.mysql.com/doc/index-utils-fabric.html


AUTHOR

       Oracle Corporation (http://dev.mysql.com/).



MySQL 1.5.6                       09/15/2015                 MYSQLAUDITGREP(1)