Skip to content

Ensure 'log_warnings' Is Set to '2'

Description

The log_warnings system variable, enabled by default, provides additional information to the MySQL log. A value of 1 enables logging of warning messages, and higher integer values tend to enable more logging.

Setting log_warnings will also cause log_error_verbosity to be set. The variable scope for log_warnings is global.

NOTE: log_warnings has been deprecated as of MySQL 5.7.2.

Rationale

This might help to detect malicious behavior by logging communication errors and aborted connections.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine mysql

Default Rule

const { checkRdsVersion, OK_SKIP_VERSION, checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the database instance has a correct value for log_warnings option
 */
function validate(databaseSettings) {
    supportedVersions = ["5.6"]
    const supported = checkRdsVersion(databaseSettings, supportedVersions)
    if (!supported){
        return OK_SKIP_VERSION
    }

    const settingName = "log_warnings"
    const expectedValue = "2"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)

    return {
        success,
    }
}

// invoke
validate(databaseSettings);