Skip to main content

lacework-global-627

4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server (Manual)

Profile Applicability

• Level 2

Description

Set audit_log_enabled to include CONNECTION on MySQL Servers

Rationale

Enabling CONNECTION helps MySQL Database to log items such as successful and failed connection attempts to the server. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.

Impact

There are further costs incurred for storage of logs. For high traffic databases these logs will be significant. Determine your organization's needs before enabling.

Audit

From Azure Portal

  1. From Azure Home select the Portal Menu
  2. Select your Azure Database for MySQL server
  3. For each database, under the Settings section in the sidebar, select Server parameters
  4. Ensure the audit_log_enabled parameter is set to ON
  5. Review the event types to be logged by updating the audit_log_events parameter; ensure CONNECTION is set

Remediation

From Azure Portal

  1. From Azure Home select the Portal Menu
  2. Select your Azure Database for MySQL server
  3. For each database, under the Settings section in the sidebar, select Server parameters
  4. Update the audit_log_enabled parameter to ON
  5. Select the event types to be logged by updating the audit_log_events parameter; ensure CONNECTION is set
  6. Under the Monitoring section in the sidebar, select Diagnostic settings.
  7. Provide a diagnostic setting name 8 Specify which data sinks to send the audit logs (storage account, event hub, and/or Log Analytics workspace)
  8. Select "MySqlAuditLogs" as the log type
  9. Once you've configured the data sinks to pipe the audit logs to, you can click Save
  10. Access the audit logs by exploring them in the data sinks you configured. It may take up to 10 minutes for the logs to appear

References

https://docs.microsoft.com/en-us/azure/mysql/single-server/how-to-configure-audit-logs-portal
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-3-enable-logging-for-security-investigation

Additional Information

There is also a CLI version: https://docs.microsoft.com/en-us/azure/mysql/single-server/how-to-configure-audit-logs-cli