MySQL General Log missing Timestamps

Question

I want to determine when an event occurred in the General Query Log of MySQL (v5.1.71). As an example, on the server OS CLI (Unix), I ran a simple grep to pull out data from the log file:

grep "Access denied" /data/mysql/my_servername.log

            1249390 Connect Access denied for user 'user1'@'user.1.ip.add' (using password: YES)
131204 17:51:00 1254417 Connect Access denied for user 'user2'@'user.2.ip.add' (using password: NO)

I looked at the entire log for other types of information I would be pulling out, and noticed entries were missing timestamps as well. It appears MySQL only precedes the log entry with YYMMDD HH:MI:SS when the SS value has changed since the last log entry. In the above example, I would have no way of determing the DATE/TIME of user1's log entry, since I would only have the milli/nano/whatever second.

I'm currently running mysql with the following options: --user=mysql --general_log --ssl-ca=/path_to_file1 --ssl-cert=/path_to_file2 --ssl-key=/path_to_file3

So how do get MySQL to put a timestamp on every line?

SK

Answer 1

You should use pt-query-digest for this.

Start with something like this:

pt-query-digest \
--type genlog \
--print \
--no-report \
--filter '$event->{arg} && $event->{arg} =~ /Access denied/' \
/data/mysql/my_servername.log

Alternatively, you can switch the log format from FILE to TABLE (do this in your my.cnf file too so it survives a restart), and the timestamp will be present for each row in the table:

set global log_output='TABLE';

Now you can query the table instead of grepping the file:

select * from mysql.general_log where argument like 'Access denied%';