![](https://secure.gravatar.com/avatar/99fde0c1dfd216326aae0aff30d493f1.jpg?s=120&d=mm&r=g)
Scott Canaan
Thank you. I found SUPER, but was trying to avoid using it as it gives too many privileges. I was looking for something more fine-grained.
Maybe you can define a stored procedure with SQL SECURITY DEFINER (and a DEFINER with the SUPER priviledge) that sets the desired syslog global system variables. Then you can grant the ITS_READ account access to the stored procedure, which will give access only to set the syslog configuration. Hope this helps, - Kristian.
On Apr 06, Scott Canaan wrote:
We are on MariaDB 10.5.18. There is a requirement to send all syslog data to a central syslog server. In the past, we did it using a login called ITS_READ. It has limited privs on purpose, but used to be able to execute the SET GLOBAL statements that we needed. Those statements are:
SET GLOBAL server_audit_output_type=SYSLOG; SET GLOBAL server_audit_logging=1; SET GLOBAL server_audit_syslog_facility=LOG_LOCAL2; SET GLOBAL server_audit_events="connect,table,query_ddl,query_dcl";