Complete Guide to MariaDB Logs: Audit, Configuration, and More

MariaDB logs are a cornerstone of effective database management. They capture critical details about your database’s operations, offering invaluable insights for administrators, developers, and system administrators. Understanding how to leverage these logs is key to maintaining a secure, efficient, and high-performing system.

In this guide, we’ll walk through the various types of MariaDB logs, where to find them, and how to make the most of the insights they hold. With the right strategies, you can turn your logs into a powerful tool for maintaining and optimizing your database.

What Are MariaDB Logs, and Why Are They Important?

MariaDB log files document every significant event within the database. On the security front, logs like the audit log play a crucial role. They document user actions, such as who accessed the database and what changes were made. This level of detail helps organizations meet compliance requirements like GDPR and detect any unauthorized activity.

When troubleshooting, error logs and general logs offer detailed information about failed connections, query errors, or server crashes, making it easier to identify and resolve problems quickly. For performance optimization, slow query logs provide a wealth of raw data. They reveal inefficiencies, such as slow-running queries or resource-heavy operations, allowing you to make targeted improvements that enhance scalability and efficiency.

The 5 Types of MariaDB Log Files

1. MariaDB Audit Log

The MariaDB audit log is a powerful feature that records all database activity, including logins, queries, and data modifications. This is particularly useful in regulated industries where monitoring data access is required.

How to Enable the MariaDB Audit Log

• The MariaDB audit plugin is not enabled by default, so you’ll need to install it first. Use the following command:

sudo apt-get install mariadb-plugin-audit

• After installing the plugin, enable it by editing the MariaDB configuration file (/etc/mysql/my.cnf). Add the following lines under the [mysqld] section:

[mysqld]
plugin-load-add=audit_log.so
audit_log_file=/var/log/mysql/mariadb-audit.log
audit_log_policy=ALL

• For the changes to take effect, restart the MariaDB service with

sudo systemctl restart mariadb

• To confirm that the audit log plugin is enabled, run the following SQL command:

SHOW VARIABLES LIKE 'audit%';

How to Use the MariaDB Audit Log to Track Data Changes

The audit log is invaluable for identifying who accessed or modified sensitive data. For instance, to monitor updates performed by users, you can query the audit log:

sudo tail -f /var/log/mariadb/audit.log

Example log entries:

20250101 12:34:56,server1,root,localhost,1,1,QUERY_DML,'UPDATE mydb.mytable SET mycolumn = 'new_value' WHERE id = 1',0

2. MariaDB General Log

The general log captures a record of all client connections and queries sent to the database. While verbose, it’s a key resource for debugging and understanding how applications interact with MariaDB.

Example of general log entries:

2023-10-10T12:34:56.789012Z     1 Connect   root@localhost on mydb
2023-10-10T12:34:57.123456Z     1 Query     SELECT * FROM mytable
2023-10-10T12:35:01.234567Z     1 Query     UPDATE mytable SET column1 = 'value' WHERE id = 1
2023-10-10T12:35:05.345678Z     1 Quit

Enable and Configure the General Log

• Enable the general log by adding the following lines to your my.cnf file:

[mysqld]
general_log=ON
general_log_file=/var/log/mysql/mariadb-general.log

• Apply the changes by restarting the MariaDB service, then check if the general log is enabled by running:

SHOW VARIABLES LIKE 'general_log';

How to Configure General Log to Store Data in a Table

By default, MariaDB stores the general log in a file, but you can configure it to log entries directly into a table within the MySQL database. To set this up, add the following lines under the [mysqld]:

general_log_output=TABLE

Make sure to restart MariaDB to save these changes.

How to Analyze Query Activity

To examine specific types of queries, such as SELECT statements, use the following command on the log file:

grep "SELECT" /var/log/mysql/mariadb-general.log

This will extract all queries containing the SELECT keyword, making it easier to identify frequently executed or problematic queries.

3. MariaDB Error Log

The error log records issues related to the database, including startup problems, crashes, and warnings. It’s the first place to look when something goes wrong with MariaDB.

Example of error log entries:

2023-10-10 12:36:00 123456789 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
2023-10-10 12:36:01 123456789 [Warning] Too many connections
2023-10-10 12:36:02 123456789 [Warning] Aborted connection 123 to db: 'mydb' user: 'user1' host: '192.168.1.100' (Got timeout reading communication packets)

Enabling Verbose Error Logging

To get more detailed error messages, you can increase the logging verbosity by adding the following line to your my.cnf file:

[mysqld]
log_warnings=2

Then restart MariaDB to apply the changes with

sudo systemctl restart mariadb

Monitoring Error Logs

For real-time monitoring of errors, use the tail command:

tail -f /var/log/mysql/error.log

This allows you to observe new entries as they are written, which is particularly helpful when troubleshooting live issues.

4. MariaDB Binary Log

The binary log keeps a record of every change to your database, like updates, table creations, and data modifications. It’s a must-have for two critical tasks:

• Replication: Binary logs make it possible to sync changes from a primary server to replicas, keeping them up-to-date. This is key for load balancing or having backups ready to take over in case of a failure.

• Point-in-Time Recovery: If something goes wrong – like accidental data deletion – you can use binary logs to roll the database back to a specific moment, saving recent changes and minimizing data loss.

How to Enable Binary Logging

Add log_bin=/var/log/mysql/mariadb-bin to your my.cnf file. Then, restart the MariaDB service.

Common Commands for Working with Binary Logs

• View all active binary log files and their sizes with:

SHOW BINARY LOGS;

• Convert and review the contents of a binary log file with:

mysqlbinlog /var/log/mysql/mariadb-bin.000001

• Delete logs up to a specific file:

PURGE BINARY LOGS TO 'mariadb-bin.000005';

• See the current log format in use (ROW, STATEMENT, or MIXED):

SHOW VARIABLES LIKE 'binlog_format';

5. MariaDB Slow Query Log

The slow query log captures all SQL queries that exceed a set execution time. This log allows you to identify inefficient queries and refine them for better database performance.

Example of a slow query log:

# Time: 2023-10-10T12:43:00.123456Z
# User@Host: user8[user8] @ 192.168.1.180 []
# Thread_id: 802
# Query_time: 22.123456  Lock_time: 0.009012 Rows_sent: 100  Rows_examined: 1000000
SET timestamp=1696941780;
SELECT * FROM mytable WHERE indexed_column LIKE '%value%';

How to Enable the Slow Query Log

To enable the slow query log, modify your my.cnf file as follows:

[mysqld]
slow_query_log=ON
slow_query_log_file=/var/log/mysql/mariadb-slow.log
long_query_time=2

Long_query_time is what sets the threshold in seconds (in this example, slow queries are those that take longer than 2 seconds to execute).

How to Configure Slow Query Log to Store Data in a Table

For better analysis, you can configure MariaDB to store the slow queries in a table rather than a file by updating your my.cnf to include:

[mysqld]
log_output=TABLE

How to Locate and Access MariaDB Logs

The location of MariaDB log files depends on your operating system and configuration. Below are the default locations for MariaDB logs on CentOS and Ubuntu systems.

Log Type	CentOS7 Log Location	Ubuntu Log Location
Audit Log	/var/log/mysql/mariadb-audit.log	/var/log/mysql/mariadb-audit.log
General Log	/var/log/mysql/mariadb-general.log	/var/log/mysql/general.log
Error Log	/var/log/mariadb/mariadb.log	/var/log/mysql/error.log
Binary Log	/var/log/mysql/mariadb-bin	/var/log/mysql/mariadb-bin

You can access MariaDB logs directly from the command line using tools like cat, less or tail. For example, view the general log with cat /var/log/mysql/mariadb-general.log or monitor logs in real-time with tail -f /var/log/mysql/error.log.

Best Practices for Log Management

Without proper controls, logs can quickly grow out of hand, consuming disk space and becoming difficult to analyze. Below, we’ll explore practices for managing log size, setting retention policies, and making the most of your log data with the right tools and techniques.

Limit Log File Sizes

Oversized logs can bog down your system and make troubleshooting harder. Use configurations like max_binlog_size to cap the size of binary log files. For instance, setting it to 100MB means that logs are rotated before they get unwieldy:

max_binlog_size = 100M

Automate Log Rotation

Instead of manually clearing out old MariaDB log files, automate the process with utility tools like logrotate. This keeps logs manageable by archiving or deleting older files on a schedule so you don’t wake up to a full disk one day.

Implement Retention Policies

Not all logs need to live forever. Decide how long to keep each type of log based on operational needs and compliance requirements. For binary logs, use the PURGE command to clear out old files:

PURGE BINARY LOGS BEFORE '2024-01-01 00:00:00';

Filter the General Log with SQL

If you store the general log in a table, you can query it directly to investigate specific patterns. For example, to identify failed login attempts, you could run the following query:

SELECT event_time, user_host, argument 
FROM mysql.general_log 
WHERE argument LIKE '%Access denied%';

Decode Binary Logs

Binary logs are essential for replication and tracking changes, but they aren’t human-readable by default. Use the mysqlbinlog utility to convert them into readable format and filter for specific time frames or events:

mysqlbinlog --start-datetime="2025-01-01 00:00:00" mariadb-bin.000001

Slow Query Analysis

mysqldumpslow aggregates similar queries from the slow query log, abstracting numerical and string data values to provide a concise summary. This abstraction allows for easier identification of patterns and problematic queries.

mysqldumpslow -s at -t 10 /path/to/slow_query.log

For a more advanced and user-friendly approach, Releem Query Analytics can be used alongside or as an alternative to mysqldumpslow. Releem Query Analytics provides deeper insights into query performance by visualizing patterns, highlighting problematic queries, and offering optimization recommendations, making it easier to enhance database performance efficiently.

Avoid MariaDB Log Sifting with Releem

MariaDB logs are a goldmine of information, providing the insights you need to secure, debug, and optimize your database. But even with this guide's help, going through logs manually, optimize SQL queries or tweaking configurations can be a major time sink.

That’s where Releem can make your life a whole lot easier. Instead of spending hours sifting through logs and adjusting settings, Releem steps in to do the work for you. It automatically analyzes your MariaDB configuration, SQL queries, and database performance pulling out meaningful insights, recommending indexes and even suggesting MariaDB configuration improvements.

No more guesswork. No more manual log diving. Just actionable recommendations to help you get the most out of your database without the hassle. If you’re ready to let automation handle the grunt work, try Releem today!