iCompaas Support

Profile Applicability:

• Level 2
  

Description:
 Enabling the audit_log_enabled parameter on MySQL servers logs actions such as connection attempts, DDL (Data Definition Language), DML (Data Manipulation Language) access, and other queries. This helps in identifying, troubleshooting, and improving performance by keeping track of all database interactions.

Rationale:
 Enabling audit logging allows database administrators to monitor critical activities and review database access patterns, which is essential for security audits, troubleshooting, and performance optimization. It is particularly useful for compliance with standards requiring audit trails for security events.

Impact:

• Pros:
  

  • Provides detailed logs for security and performance analysis.
    

  • Helps track unauthorized access or malicious activities.
    

  • Supports compliance and audit requirements.
    

• Cons:
  

  • Increased storage costs due to the logs generated, especially on high-traffic servers.
    

  • May require additional configuration for managing large log files.
    

Default Value:

The audit_log_enabled parameter is set to OFF by default.

Pre-requisites:
 Ensure that proper log management and storage solutions are in place to handle the audit logs.

Remediation

Test Plan:

Using Azure Portal:

1. Log in to Azure Portal: https://portal.azure.com.
   

2. Go to Azure Database for MySQL Servers.
   

3. For each database, under the Settings section, click on Server parameters.
   

4. Ensure the audit_log_enabled parameter is set to ON.
   

Using Azure CLI:
1. Run the following command to check the audit_log_enabled parameter:

az mysql server show --resource-group <resource-group-name> --name <server-name> --query "properties.parameters.audit_log_enabled"

• The output should show true if the parameter is enabled.
  
  

Implementation Plan:

Using Azure Portal:

1. Log in to Azure Portal.
   

2. Navigate to Azure Database for MySQL Servers.
   

3. Select the database instance.
   

4. Under Settings, click on Server parameters.
   

5. Set the audit_log_enabled parameter to ON and save.
   

Using Azure CLI:
1. To enable the audit_log_enabled parameter, run the following command:

az mysql server configuration set --resource-group <resource-group-name> --server-name <server-name> --name audit_log_enabled --value ON

Backout Plan:

Using Azure Portal:

1. Go to Azure Database for MySQL Servers.
   

2. Under Settings, click on Server parameters.
   

3. Change the audit_log_enabled parameter to OFF and save.
   

Using Azure CLI:
1.  To disable the audit_log_enabled parameter, run:

az mysql server configuration set --resource-group <resource-group-name> --server-name <server-name> --name audit_log_enabled --value OFF

References:

• How to Configure Audit Logs for MySQL Database Servers
  

• Enable Logging for Security Investigation