Audit Log Filter file format overview¶
On each auditable event, the component appends a record to the log. After startup, the first record describes the server and the startup options. Later records cover connections, disconnections, executed SQL, and other audit events.
audit_log_filter.event_mode controls which server actions become audit records. The file format does not change that selection. See the variable reference for REDUCED versus FULL and for releases before the variable existed.
When LOAD_DATA references files, the component does not log file contents.
Set the format with audit_log_filter.format at startup. The available formats follow:
| Format type | Command | Description |
|---|---|---|
| JSONL | audit_log_filter.format=JSONL |
Default. One compact JSON object per line inside a wrapping array. See the JSON and JSONL topic. |
| JSON | audit_log_filter.format=JSON |
One top-level JSON array of events. |
| XML (new style) | audit_log_filter.format=NEW |
XML layout. |
By default, JSONL logs are neither compressed nor encrypted.
When you change audit_log_filter.format, rename audit_log_filter.file as well. For example, use audit.json or audit.jsonl for JSON or JSONL. Reusing one base name obscures format changes across rotated files.