I've been trying to get a MySQL instance on Amazon's RDS to send logs to CloudWatch: in particular, both error logs and audit logs.

Error logs work fine: they're appearing in CloudWatch, no issues at all. For audit logs, I know I need to have the MariaDB Audit Plugin enabled - so, I've added it to an option group, and added that option group to the MySQL instance. I've also restarted the instance (which is apparently not needed, but I figured it was worth trying). I've also connected to the MySQL database a few times since enabling this about 24 hours ago.

Here are the settings I've attached to the MARIADB_AUDIT_PLUGIN option (I've only customised the events; everything else is left at the default values):

[Image: MARIADB_AUDIT_PLUGIN options]

But: there is no log group, and there is also no mention of the audit file in the list of log files for the RDS instance. Any thoughts on what else I can try to debug this?

Also, when I connect to the database and check on the known plugins via `SELECT plugin_name from information_schema.plugins`, the MariaDB Audit Plugin is not listed. Should it be?

pat

1 Answer

It turns out two of the settings are required (and don't fall back to the documented defaults): SERVER_AUDIT_FILE_ROTATIONS and SERVER_AUDIT_FILE_ROTATE_SIZE. Once these are explicitly set in my options group, I've found that the log file appears in the RDS instance's console page, and they flow through to CloudWatch as well.

pat
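An added example, not part of the original answer and not AWS's own code: a Python helper that builds the MARIADB_AUDIT_PLUGIN option with both rotation settings set explicitly, and checks `describe_option_groups` / `describe_db_log_files` responses for the symptoms described in the question. The setting values, the sample responses and the log file names are constructed; treating a setting with no value as "not set" and matching the audit log by the substring "audit" are assumptions.

```python
REQUIRED = ("SERVER_AUDIT_FILE_ROTATIONS", "SERVER_AUDIT_FILE_ROTATE_SIZE")
PLUGIN = "MARIADB_AUDIT_PLUGIN"

def audit_option(settings):
    """Build the option entry, refusing to rely on defaults for REQUIRED."""
    missing = [n for n in REQUIRED if not str(settings.get(n, "")).strip()]
    if missing:
        raise ValueError("set explicitly: " + ", ".join(missing))
    return {"OptionName": PLUGIN,
            "OptionSettings": [{"Name": k, "Value": str(v)}
                               for k, v in sorted(settings.items())]}

def diagnose(option_groups, log_files):
    """List problems in describe_option_groups / describe_db_log_files output."""
    problems = []
    options = [o for g in option_groups.get("OptionGroupsList", [])
               for o in g.get("Options", []) if o.get("OptionName") == PLUGIN]
    if not options:
        problems.append(PLUGIN + " is not in the option group")
    for opt in options:
        have = {s["Name"]: s.get("Value") for s in opt.get("OptionSettings", [])}
        # Assumption: a setting without a non-empty Value counts as not set.
        problems += [n + " has no value" for n in REQUIRED if not have.get(n)]
    names = [f["LogFileName"] for f in log_files.get("DescribeDBLogFiles", [])]
    # Assumption: the audit log's file name contains "audit".
    if not any("audit" in n.lower() for n in names):
        problems.append("no audit log file listed for the instance")
    return problems

def apply_option(option_group_name, settings):
    """Push the option to RDS; needs boto3 and credentials, not called here."""
    import boto3
    boto3.client("rds").modify_option_group(
        OptionGroupName=option_group_name,
        OptionsToInclude=[audit_option(settings)],
        ApplyImmediately=True)

# Constructed sample data, not taken from the page.
SETTINGS = {"SERVER_AUDIT_EVENTS": "CONNECT,QUERY",
            "SERVER_AUDIT_FILE_ROTATIONS": 10,
            "SERVER_AUDIT_FILE_ROTATE_SIZE": 1000000}
BEFORE = ({"OptionGroupsList": [{"Options": [{"OptionName": PLUGIN,
           "OptionSettings": [{"Name": "SERVER_AUDIT_EVENTS", "Value": "CONNECT,QUERY"}]}]}]},
          {"DescribeDBLogFiles": [{"LogFileName": "error/mysql-error.log"}]})
AFTER = ({"OptionGroupsList": [{"Options": [audit_option(SETTINGS)]}]},
         {"DescribeDBLogFiles": [{"LogFileName": "audit/server_audit.log"}]})

if __name__ == "__main__":
    print(diagnose(*BEFORE))
    print(diagnose(*AFTER))
```
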