// the find
outbrain-inc/audit_login
simple MySQL login audit plugin, logging to text file
A MySQL audit plugin written in C that logs successful and failed logins to a JSON-per-line text file. It was built at Outbrain in 2013 for basic login visibility — detecting brute-force attempts, port scans, and unused accounts. Aimed at DBAs who want something lightweight without standing up MySQL Enterprise Audit.
JSON-per-line output is immediately pipeable into grep, awk, or any log aggregator without a custom parser. The skip_users config is a practical touch — nagios and collectd hammering the log is a real annoyance. Dynamic load/unload via INSTALL PLUGIN means zero server restart. The source is a single 200-line C file, so you can actually read and trust what it does.
Abandoned since 2013 — MySQL 5.5 binaries are included but nothing for 5.6, 5.7, 8.x, or anything current; you'll have to compile it yourself against a MySQL source tree, which the README even admits is incomplete ('Find appropriate binaries under (TODO)'). Logs only to a flat file with no rotation, no size cap, and no async buffering — high-traffic servers will write-block on every login. No logout or query auditing, so it's not useful for compliance requirements like PCI-DSS or SOC 2 that need session activity. MySQL 8.0 ships with a built-in audit log plugin that renders this obsolete.