MySQL Utilities

3.6.2 How do you copy or move the audit log?

The audit log information can grow quickly and considerably depending on the type of information written and the activity of the MySQL server. Therefore, it might be a good idea to copy the audit log files to a different location and free some storage on the server.

The mysqlauditadmin utility also provides this useful functionality.


The goal of this task is to copy an existing audit log file to a different location using the mysqlauditadmin utility.

It is assumed that the utility is executed on the destination host which must be a non-Windows system with the scp (Secure Copy) command line program, and that must have access to the MySQL remote server and its data directory with the provided credentials (user and password). It is also assumed that the specified audit log file exists and user has write privileges on the target directory.

Example Execution

shell> mysqlauditadmin --audit-log-name=/MySQL/SERVER/data/audit.log.13753706179878237 \
          copy --copy-to=/ARCHIVE/Audit_Logs --remote-login=user1:server1
# Copying file from server1:/MySQL/SERVER/data/audit.log.13753706179878237 to /ARCHIVE/Audit_Logs:
user1@server1's password:
audit.log.13753706179878237                   100% 4716     4.6KB/s   00:01      


The copy operation can be performed with the mysqlauditadmin utility using the 'copy' command requiring the following options: the --audit-log-name option to specify the path and filename of the audit log file to copy, the --copy-to option to indicate the destination folder, and the --remote-login option to specify the user and remote host where the file is located (a prompt for the user password is displayed).

The --remote-login option is not required if the source and destination location are on the same server where the utility is executed. Moreover, this option is not supported in Windows system where UNC paths should be used.

Permissions Required

The user must have permissions to read the audit log on disk and write the file to the remove location.

Tips and Tricks

The name of the audit log file (audit.log, by default) is defined by the audit_log_file variable displayed by mysqlauditadmin when using the --show-options option. Existing audit log files have a timestamp extension except the one that is currently in use. That being said, it might be useful to know that it is possible to get information about the existing audit log files using mysqlrpladmin. For instance, to determine which files need to be copied. To get this information use the --file-stats option and the --audit-log-name option specifying the full path of the current audit log file (i.e., without the timestamp extension). For example:

shell> mysqlauditadmin --file-stats --audit-log-name=/MySQL/SERVER/data/audit.log
| File                         | Size       | Created                   | Last Modified             |
| audit.log.13753706179878237  | 4716       | Thu Aug  1 16:23:37 2013  | Thu Aug  1 16:23:37 2013  |
| audit.log                    | 6062       | Thu Aug  1 16:24:26 2013  | Thu Aug  1 16:24:26 2013  |
| audit.log.13753705495049727  | 335142503  | Thu Aug  1 16:22:29 2013  | Thu Aug  1 16:22:29 2013  |


If an audit log file with the timestamp extension is specified in this example for the --audit-log-name option, only the information of the specified file is displayed, as opposed to the file statistics of all existing files.