Control: 4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
Description
Enable audit_log_enabled on MySQL Servers.
Enabling audit_log_enabled helps MySQL Database to log items such as connection attempts to the server, DDL/DML access, and more. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.
Remediation
From Azure Portal
- Login to Azure Portal using https://portal.azure.com.
- Select
Azure Database for MySQL Servers
. - Select a database.
- Under Settings, select
Server parameters
. - Update
audit_log_enabled
parameter to ON - Under Monitoring, select
Diagnostic settings
. - Select
+ Add diagnostic setting
. - Provide a diagnostic setting name.
- Under Categories, select
MySQL Audit Logs
. - Specify destination details.
- Click
Save
.
It may take up to 10 minutes for the logs to appear in the configured destination.
Default Value
audit_log_enabled is set to OFF by default
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v200_4_4_3
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v200_4_4_3 --share
SQL
This control uses a named query:
mysql_server_audit_logging_enabled