Profile Applicability:
Level 2
Description:
The audit_log_events parameter in MySQL defines the types of events that are logged in the audit logs. Setting it to include CONNECTION helps log items such as successful and failed connection attempts to the server. This log data is useful for identifying unauthorized access, troubleshooting, and improving security.
Rationale:
Enabling the logging of CONNECTION events ensures that all connection attempts, both successful and failed, are logged. This helps in tracking user activities, identifying potential security incidents, and meeting audit requirements. It's crucial for forensic investigations and ongoing security monitoring.
Impact:
Pros:
Helps in identifying and troubleshooting connection issues.
Provides insight into failed login attempts, improving security monitoring.
Helps comply with security auditing requirements.
Cons:
May incur additional storage costs due to the increased size of the logs.
High-traffic databases may generate large volumes of logs, which could impact performance if not managed properly.
Default Value:
By default, audit_log_events is not set to include CONNECTION.
Pre-requisites:
Ensure that audit_log_enabled is set to ON in MySQL.
Remediation:
Test Plan:
Using Azure Portal:
Log in to Azure Portal: https://portal.azure.com.
Navigate to Azure Database for MySQL Servers.
For each MySQL server, select the server.
Under Settings, select Server parameters.
Ensure the audit_log_events parameter includes CONNECTION.
Using Azure CLI:
1. Run the following command to verify the audit_log_events setting:
az mysql server configuration show --resource-group <resource-group-name> --server-name <server-name> --name audit_log_events --query value --output tsv
Ensure the output includes CONNECTION.
Implementation Plan:
Using Azure Portal:
Log in to Azure Portal.
Go to Azure Database for MySQL Servers.
Select the MySQL server.
Under Settings, click Server parameters.
Set audit_log_events to include CONNECTION and click Save.
Using Azure CLI:
1. To enable CONNECTION logging, use the following command:
az mysql server configuration set --resource-group <resource-group-name> --server-name <server-name> --name audit_log_events --value CONNECTION
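The Test Plan and Implementation Plan above can be combined into one script. This is an added example, not part of the benchmark: it reads the current audit_log_events value, checks for CONNECTION in the comma-separated list, and when remediating appends CONNECTION to whatever event types are already configured, because `--value CONNECTION` on its own replaces the existing list. The environment variable names RESOURCE_GROUP, SERVER_NAME and APPLY are assumptions of this example.

```shell
#!/usr/bin/env sh
# Added example (not from the benchmark). Audits and optionally remediates the
# audit_log_events server parameter of an Azure Database for MySQL server.
# The az commands run only when RESOURCE_GROUP and SERVER_NAME are set (assumed names).

# Return 0 if a comma-separated audit_log_events value already lists CONNECTION.
# Case and surrounding spaces are ignored so "general, connection" also passes.
has_connection_event() {
  case ",$(printf '%s' "$1" | tr 'a-z' 'A-Z' | tr -d ' ')," in
    *,CONNECTION,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the value to set: the existing list plus CONNECTION when it is missing.
# Setting --value CONNECTION alone would replace e.g. "GENERAL" with "CONNECTION".
ensure_connection_event() {
  current=$(printf '%s' "$1" | tr -d ' ')
  if has_connection_event "$current"; then
    printf '%s\n' "$current"
  elif [ -z "$current" ]; then
    printf 'CONNECTION\n'
  else
    printf '%s,CONNECTION\n' "$current"
  fi
}

# Driver: audit the server, and remediate when APPLY=1. Skipped when unset.
if [ -n "${RESOURCE_GROUP:-}" ] && [ -n "${SERVER_NAME:-}" ]; then
  current=$(az mysql server configuration show \
      --resource-group "$RESOURCE_GROUP" --server-name "$SERVER_NAME" \
      --name audit_log_events --query value --output tsv)
  if has_connection_event "$current"; then
    echo "PASS: audit_log_events=$current"
  else
    echo "FAIL: audit_log_events=$current (CONNECTION missing)"
    if [ "${APPLY:-0}" = "1" ]; then
      az mysql server configuration set \
        --resource-group "$RESOURCE_GROUP" --server-name "$SERVER_NAME" \
        --name audit_log_events --value "$(ensure_connection_event "$current")"
    fi
  fi
fi
```

Run with `RESOURCE_GROUP=<resource-group-name> SERVER_NAME=<server-name> sh check_audit_events.sh` to audit, and add `APPLY=1` to remediate.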
Backout Plan:
Using Azure Portal:
Go to Azure Database for MySQL Servers.
Select the server and navigate to Server parameters.
Remove CONNECTION from audit_log_events if necessary.
Using Azure CLI:
1. To remove CONNECTION from audit_log_events, run:
az mysql server configuration set --resource-group <resource-group-name> --server-name <server-name> --name audit_log_events --value <previous-value>
References: