Audit Log Filter security

The Audit Log Filter component writes audit files. Restrict the log directory to trusted operators and ensure that the server can write to the directory.

Logs are plaintext by default and may hold credentials, SQL text, and other sensitive data.

The default file under the data directory is audit_filter.log. Override the location with audit_log_filter.file at startup.

When the parent directory is missing, the component errors and the server starts without Audit Log Filter active.

Rotation leaves multiple files on disk. Protect every generation.

Additional reading

• Audit Log Filter overview

• Audit Log Filter compression and encryption

• Manage the Audit Log Filter files

• Audit log filter functions, options, and variables — audit_log_filter.file and audit_log_filter.handler

• Install the audit log filter