
MySQL audit storing application user ID

Hi Experts,

I am trying to set up auditing for changes to data in MySQL tables, for my Perl web application.  I've had a look at this:
    www.go4expert.com/articles/database-transaction-auditing-mysql-t7252
and that looks good because it uses triggers to automatically create the audit records, but it looks as if it will record the MySQL user (e.g. USER() or CURRENT_USER()) in the audit table record, and since my application uses the same MySQL user for all web users, this won't identify the actual person who is making the change.  In my application, the ID of the person making the change is stored in a Perl variable (say $userid, which is an integer).

So, without me having to do extra coding wherever I make changes to tables (presumably by using triggers), how can I get MySQL to audit all changes to my tables, recording the $userid (Perl variable) as the user who made the change?

I've also had a quick look at these, but haven't recognised a solution to this $userid problem yet:
    http://dev.mysql.com/doc/refman/5.0/en/create-trigger.html
    http://dev.mysql.com/doc/refman/5.0/en/account-activity-auditing.html
    http://www.go4expert.com/forums/showthread.php?t=7252
    http://ronaldbradford.com/blog/auditing-your-mysql-data-2008-07-15

I'm using:
- mysql: Ver 14.14 Distrib 5.5.40, for Linux (x86_64) using readline 5.1
- Perl: 5.10.1

Thanks.
tel2
 
jimyX Commented:
Hi tel2,
I am not using Perl, and am not familiar with how to use it, but I know MySQL.
So triggers cannot recognize the $userid unless you pass it on.

What you can do is set a variable in MySQL that will hold the $userid before executing any query that influences the execution of triggers.

So let's take example from the link you provided earlier:

Original code:
-- The trigger bodies contain ';', so switch the client's statement delimiter
DELIMITER $$

-- Create INSERT event for tblTest
-- (MySQL has no CREATE OR REPLACE for triggers: drop first, then create)
DROP TRIGGER IF EXISTS trigger_insert_tblTest$$
CREATE TRIGGER trigger_insert_tblTest AFTER INSERT ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> '') OR (NEW.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestVarchar", "--new record--", NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> 0) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestNumber", "--new record--", NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> '') OR (NEW.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestDate", "--new record--", NEW.TestDate);
    END IF;
END$$

-- Create UPDATE event for tblTest
DROP TRIGGER IF EXISTS trigger_update_tblTest$$
CREATE TRIGGER trigger_update_tblTest AFTER UPDATE ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> OLD.TestVarchar) OR (NEW.TestVarchar IS NOT NULL AND OLD.TestVarchar IS NULL) OR (NEW.TestVarchar IS NULL AND OLD.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestVarchar", OLD.TestVarchar, NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> OLD.TestNumber) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestNumber", OLD.TestNumber, NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> OLD.TestDate) OR (NEW.TestDate IS NOT NULL AND OLD.TestDate IS NULL) OR (NEW.TestDate IS NULL AND OLD.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestDate", OLD.TestDate, NEW.TestDate);
    END IF;
END$$

-- Create DELETE event for tblTest
DROP TRIGGER IF EXISTS trigger_delete_tblTest$$
CREATE TRIGGER trigger_delete_tblTest AFTER DELETE ON tblTest
FOR EACH ROW
BEGIN
    CALL add_tblAudit (USER(), "tblTest", "TestVarchar", OLD.TestVarchar, "--deleted record--");
    CALL add_tblAudit (USER(), "tblTest", "TestNumber", OLD.TestNumber, "--deleted record--");
    CALL add_tblAudit (USER(), "tblTest", "TestDate", OLD.TestDate, "--deleted record--");
END$$

DELIMITER ;



And it becomes:
-- The trigger bodies contain ';', so switch the client's statement delimiter
DELIMITER $$

-- Create INSERT event for tblTest
-- (MySQL has no CREATE OR REPLACE for triggers: drop first, then create)
-- @zUserID is a user-defined session variable set by the application
DROP TRIGGER IF EXISTS trigger_insert_tblTest$$
CREATE TRIGGER trigger_insert_tblTest AFTER INSERT ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> '') OR (NEW.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", "--new record--", NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> 0) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", "--new record--", NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> '') OR (NEW.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestDate", "--new record--", NEW.TestDate);
    END IF;
END$$

-- Create UPDATE event for tblTest
DROP TRIGGER IF EXISTS trigger_update_tblTest$$
CREATE TRIGGER trigger_update_tblTest AFTER UPDATE ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> OLD.TestVarchar) OR (NEW.TestVarchar IS NOT NULL AND OLD.TestVarchar IS NULL) OR (NEW.TestVarchar IS NULL AND OLD.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", OLD.TestVarchar, NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> OLD.TestNumber) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", OLD.TestNumber, NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> OLD.TestDate) OR (NEW.TestDate IS NOT NULL AND OLD.TestDate IS NULL) OR (NEW.TestDate IS NULL AND OLD.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestDate", OLD.TestDate, NEW.TestDate);
    END IF;
END$$

-- Create DELETE event for tblTest
DROP TRIGGER IF EXISTS trigger_delete_tblTest$$
CREATE TRIGGER trigger_delete_tblTest AFTER DELETE ON tblTest
FOR EACH ROW
BEGIN
    CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", OLD.TestVarchar, "--deleted record--");
    CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", OLD.TestNumber, "--deleted record--");
    CALL add_tblAudit (@zUserID, "tblTest", "TestDate", OLD.TestDate, "--deleted record--");
END$$

DELIMITER ;



Then, remember YOU HAVE TO provide the @zUserID value before calling any query which involves triggers that need the user value, otherwise you get unknown/wrong users assigned ownership for record modifications:

What you are going to do is:
This line of query comes first: "Set @zUserID = "+$userid
Then your required queries after: "Insert into YourTable values (...etc" or "Delete" or "Update".

That's the way to go.
0
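An added example, not part of jimyX's answer: one way to set @zUserID from Perl DBI before the audited statements, passing $userid as a bind parameter and resetting the variable afterwards, because a MySQL user variable lasts for the whole connection and a reused handle would otherwise keep the previous user's ID. The helper name with_audit_user, the DSN, the AUDIT_DB_USER/AUDIT_DB_PASS environment variables and the inserted row values are assumptions.

```perl
use strict;
use warnings;
use DBI;
use Carp qw(croak);

# Hypothetical helper: run $work->($dbh) with @zUserID set for this
# connection, in one transaction, then clear the variable again.
sub with_audit_user {
    my ($dbh, $userid, $work) = @_;

    # The question says $userid is an integer; reject anything else.
    croak 'audit user id must be an integer'
        unless defined $userid && $userid =~ /\A[0-9]+\z/;

    local $dbh->{RaiseError} = 1;
    $dbh->begin_work;
    my $ok = eval {
        # Single quotes stop Perl interpolating @zUserID as an array;
        # the value is sent as a bind parameter, not as SQL text.
        $dbh->do('SET @zUserID = ?', undef, $userid);
        $work->($dbh);
        $dbh->commit;
        1;
    };
    my $err = $@;
    eval { $dbh->rollback } unless $ok;

    # User variables live as long as the connection. Reset it so a
    # reused handle cannot attribute a later change to this user.
    eval { $dbh->do('SET @zUserID = NULL') };

    die $err unless $ok;
    return 1;
}

# Constructed usage; DSN, credentials and row values are assumptions.
unless (caller) {
    my $dbh = DBI->connect('dbi:mysql:database=test;host=localhost',
        $ENV{AUDIT_DB_USER}, $ENV{AUDIT_DB_PASS},
        { RaiseError => 1, AutoCommit => 1 });
    my $userid = 42;    # in the application: the logged-in user's ID
    with_audit_user($dbh, $userid, sub {
        my ($h) = @_;
        $h->do('INSERT INTO tblTest (TestVarchar, TestNumber, TestDate)
                VALUES (?, ?, ?)', undef, 'hello', 7, '2015-01-01');
    });
    $dbh->disconnect;
}
```

Any write that reaches tblTest outside this wrapper is audited with a NULL user, so audit rows with a NULL user ID are worth checking for.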
 
tel2 (Author) Commented:
Thank you so much, jimyX!

That looks like the kind of thing I'm after.

I hope to do some experimenting before I close this question, though.  Might be a while before I can make time.
 
Guy Hengel [angelIII / a3] (Billing Engineer) Commented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for jimyX's comment #a40504212

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
 
tel2 (Author) Commented:
Thanks again, jimyX, and sorry for the delay in closing this.

tel2