PS-9954 [DOCS] - Update Audit Log Filter examples 8.4

patrickbirch · patrickbirch · commit 660a0df0e762 · 2025-06-13T10:08:50.000-05:00
modified:   docs/reading-audit-log-filter-files.md
diff --git a/docs/audit-log-filter-restrictions.md b/docs/audit-log-filter-restrictions.md
@@ -4,10 +4,17 @@
 
 The Audit Log Filter has the following general restrictions:
 
-* Logs only SQL statements. Statements made by NoSQL APIs, such as the Memcached API, are not logged.
+The Audit Log Filter has the following general restrictions:
+
+* Log only SQL statements. Statements made by NoSQL APIs, such as the 
+  Memcached API, are not logged.
 
-* Logs only the top-level statement. Statements within a stored procedure or a trigger are not logged. Does not log the file contents for statements like `LOAD_DATA`.
+* Log only the top-level statement. Statements within a stored procedure 
+  or a trigger are not logged. Do not log the file contents for statements 
+  like `LOAD_DATA`.
 
-* If used with a cluster, the component must be installed on each server used to execute SQL on the cluster.
+* Require the component to be installed on each server used to execute SQL 
+  on the cluster if used with a cluster.
 
-* If used with a cluster, the application or user is responsible for aggregating all the data of each server used in the cluster.
+* Hold the application or user responsible for aggregating all the data from 
+  each server used in the cluster if used with a cluster.
diff --git a/docs/audit-log-filter-variables.md b/docs/audit-log-filter-variables.md
@@ -288,7 +288,7 @@ This function returns either an `OK` for success or an error message for failure
 
 ```{.bash data-prompt="mysql>"}
 mysql> SET @filter = '{ "filter_name": { "log": true }}'
-mysql> SET audit_log_filter_set_filter('filter-name', @filter);
+mysql> SELECT audit_log_filter_set_filter('filter-name', @filter);
 ```
 
 ??? example "Expected output"
@@ -505,7 +505,7 @@ This option does nothing when used with other format types.
 
 Defines where the component writes the audit log filter file. The following values are available:
 
-* `FILE` - component writes the log to a location specified in [`audit_log_filter.file`](#audit_log_filter_file)
+* `FILE` - component writes the log to a location specified in [`audit_log_filter.file`](#audit_log_filterfile)
 * `SYSLOG` - component writes to the syslog
 
 
@@ -547,13 +547,15 @@ A value greater than 0 (zero) enables pruning based on size and defines the comb
 
 The value is based on 4096 (block size). A value is truncated to the nearest multiple of the block size. If the value is less than 4096, the value is treated as 0 (zero).
 
-If the values for `audit_log_filter.rotate_on_size` and `audit_log_filter.max_size` are greater than 0, we recommend that `audit_log_filter.max_size` value should be at least seven times the `audit_log_filter.rotate_on_size` value.
+If the values for [`audit_log_filter.rotate_on_size`](#audit_log_filterrotate_on_size) and [`audit_log_filter.max_size`](#audit_log_filtermax_size) are greater than 0, we recommend that `audit_log_filter.max_size` value should be at least seven times the `audit_log_filter.rotate_on_size` value.
 
 Pruning requires the following options:
 
-* `audit_log_filter.max_size`
-* `audit_log_filter.rotate_on_size`
-* `audit_log_filter.prune_seconds`
+* [`audit_log_filter.rotate_on_size`](#audit_log_filterrotate_on_size)
+
+* [`audit_log_filter.max_size`](#audit_log_filtermax_size)
+
+* [`audit_log_filter.prune_seconds`](#audit_log_filterpruneseconds)
 
 
 ### `audit_log_filter.password_history_keep_days`
@@ -574,7 +576,7 @@ The default value is 0 (zero). This value disables the expiration of passwords.
 
 If the component starts and encryption is enabled, the component checks for an audit log filter encryption password. If a password is not found, the component generates a random password.
 
-Call `audit_log_filter_encryption_set()` to set a specific password.
+Call [`audit_log_filter_encryption_set()`](#audit_log_filter_encryption_set) to set a specific password.
 
 
 ### `audit_log_filter.prune_seconds`
@@ -598,8 +600,8 @@ A value greater than 0 enables pruning. An audit log filter file can be pruned a
 
 To enable log pruning, you must set one of the following:
 
-* Enable log rotation by setting `audit_log_filter.rotate_on_size`
-* Add a value greater than 0 (zero) for either `audit_log_filter.max_size` or `audit_log_filter.prune_seconds`
+* Enable log rotation by setting [`audit_log_filter.rotate_on_size`](audit_log_filterrotate_on_size)
+* Add a value greater than 0 (zero) for either [`audit_log_filter.max_size`](audit_log_filtermax_size) or [`audit_log_filter.prune_seconds`](audit_log_filterprune_seconds) 
 
 
 ### `audit_log_filter.read_buffer_size`
@@ -615,7 +617,7 @@ To enable log pruning, you must set one of the following:
 
 This option is only supported for JSON-format files.
 
-The size of the buffer for reading from the audit log filter file. The `audit_log_filter_read()` reads only from this buffer size.
+The size of the buffer for reading from the audit log filter file. The [`audit_log_filter_read()`](audit_log_filter_read) reads only from this buffer size.
 
 ### `audit_log_filter.rotate_on_size`
 
diff --git a/docs/disable-audit-log-filter.md b/docs/disable-audit-log-filter.md
@@ -1,25 +1,24 @@
 # Disable Audit Log Filter logging
 
-The `audit_log_filter.disable` system variable lets you disable or enable logging for all connections.
+The `audit_log_filter.disable` system variable lets you disable or enable logging for all connections based on the value:
+
+| Value | Actions |
+|---|---|
+| `audit_log_filter.disable = true` |Disables logging. |
+| `audit_log_filter.disable = false` | Enables logging. |
 
 You can set the variable in the following ways:
 
-* Option file
-* Command-line startup string
-* SET statement during runtime
+* Specify in the option file.
+
+* Include in the command-line startup string.
 
+* Use a SET statement during runtime.
 
 ```{.bash data-prompt="mysql>"}
 mysql> SET GLOBAL audit_log_filter.disable = true;
 ```
 
-Setting `audit_log_filter.disable` has the following effect:
-
-| Value | Actions |
-|---|---|
-| true | Generates a warning. Audit log function calls and changes in variables generate session warnings. Disables the component. |
-| false | Re-enables the component and generates a warning. This is the default value. |
-
 ## Privileges required
 
 Setting the value of `audit_log_filter.disable` at runtime requires the following:
diff --git a/docs/filter-audit-log-filter-files.md b/docs/filter-audit-log-filter-files.md
@@ -152,30 +152,22 @@ Add filter_update_on_user_change.
 ```{.bash data-prompt="mysql>"}
 mysql> SELECT audit_log_filter_set_filter('log_connect', '{
   "filter": {
-    "class": {
-      "name": "connection",
-      "event": {
-        "name": "connect"
-      }
-    }
+    "class": { "name": "connection" },
+    "event": { "name": "connect" }
   }
 }');
 
 mysql> SELECT audit_log_filter_set_filter('log_disconnect', '{
   "filter": {
-    "class": {
-      "name": "connection",
-      "event": {
-        "name": "disconnect"
-      }
-    }
+    "class": { "name": "connection" },
+    "event": { "name": "disconnect" }
   }
 }');
 ```
 
 | Option      | Filters                                      | Example                        | Event                                     |
 |-------------|---------------------------------------------|--------------------------------|-------------------------------------------|
-| class       | general, connection, table_access           | N/A                            | general: Server-wide events, query processing<br>connection: Login, logout, connection attempts<br>table_access: Database and table-level interactions |
+| class       | general, connection, table_access           | N/A                            | General: Server-wide events, query processing<br>connection: Login, logout, connection attempts<br>table_access: Database and table-level interactions |
 | user        | Filters by MySQL user accounts              | ["admin", "readonly_user"]     | All actions performed by specified users |
 | database    | Filters by database name                    | ["sales", "inventory"]         | Operations within specified databases     |
 | table       | Filters by table name                       | ["customers", "orders"]        | Interactions with specific tables         |
diff --git a/docs/reading-audit-log-filter-files.md b/docs/reading-audit-log-filter-files.md
@@ -9,12 +9,14 @@ If the file is renamed and no longer fits the pattern, the file is ignored.
 The following functions read the files in the JSON-format:
 
 * [`audit_log_read`](audit-log-filter-variables.md#audit_log_read) - reads audit log filter events
-* [`audit_log_read_bookmark()](audit-log-filter-variables.md#audit_log_read_bookmark) - for the most recently read event, returns a bookmark. The bookmark can be passed to `audit_log_read()`.
+
+* [`audit_log_read_bookmark`](audit-log-filter-variables.md#audit_log_read_bookmark) - for the most recently read event, returns a bookmark. This bookmark can be passed to `audit_log_read()`.
 
 Initialize a read sequence by using a bookmark or an argument that specifies the start position:
 
 ```{.bash data-prompt="mysql>"}
 mysql> SELECT audit_log_read(audit_log_read_bookmark());
+```
 
 The following example continues reading from the current position:
 
