MYSQL Audit logging for QUERY_DML (INSERT,UPDATE,DELETE) only not working - still see SELECTs

Question

I've followed the instructions to enable audit logging for my MySQL 5.7 instance on RDS from [these instructions](https://aws.amazon.com/blogs/database/configuring-an-audit-log-to-capture-database-activities-for-amazon-rds-for-mysql-and-amazon-aurora-with-mysql-compatibility/)

I would like to only see mutating operations: e.g.: `UPDATE, INSERT, DELETE` queries. Based on the above instructions, I should set the `SERVER_AUDIT_EVENTS` parameter in the option group to `QUERY_DML`. I have done this, keeping all the other default settings, my option group settings looks like this:

| Name | Value |
| --- | --- |
| SERVER_AUDIT_EVENTS | QUERY_DML |
| SERVER_AUDIT_LOGGING | ON |
| SERVER_AUDIT_INCL_USERS | - |
| SERVER_AUDIT|FORCE_PLUS_PERMANENT|
| SERVER_AUDIT_FILE_ROTATIONS|-|
| SERVER_AUDIT_QUERY_LOG_LIMIT|1024|
| SERVER_AUDIT_FILE_PATH|/rdsdbdata/log/audit/|
| SERVER_AUDIT_FILE_ROTATE_SIZE|-|
| SERVER_AUDIT_EXCL_USERS|-|

I assigned this option group to my MySQL database and restarted. I see the audit logs but I still see `SELECT` statements. What did I miss to enable *only DML* audit logging?

Accepted Answer

Hello.

"QUERY_DML" is an event that includes "Select".  
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MySQL.Options.AuditPlugin.html  
> QUERY_DML: Similar to the QUERY event, but returns only data manipulation language (DML) queries (INSERT, UPDATE, and so on, and also SELECT).

Name	Value
SERVER_AUDIT_EVENTS	QUERY_DML
SERVER_AUDIT_LOGGING	ON
SERVER_AUDIT_INCL_USERS	-
SERVER_AUDIT	FORCE_PLUS_PERMANENT
SERVER_AUDIT_FILE_ROTATIONS	-
SERVER_AUDIT_QUERY_LOG_LIMIT	1024
SERVER_AUDIT_FILE_PATH	/rdsdbdata/log/audit/
SERVER_AUDIT_FILE_ROTATE_SIZE	-
SERVER_AUDIT_EXCL_USERS	-

MYSQL Audit logging for QUERY_DML (INSERT,UPDATE,DELETE) only not working - still see SELECTs

Relevanter Inhalt