How often should audit logs be reviewed and what kinds of ev

How often should audit logs be reviewed, and what kinds of events and activities should be recorded in the log and why in MySQL?

Solution

Audit trails may be reviewed periodically, as needed ,may be before triggering any security event,
In real-time these are reviewed automatically when ever the triggers occur . Access to audit logs should be strictly controlled and maintained if not someone
can access it,making the loss of logs.
An audit trail is a series of records of computer events, about an operating system, an application, or user activities.In Mysql it is application level.It records computer events,scheduled jobs,security updates on computer.
It helps identify and provide information about users suspected of improper modification of data (e.g., introducing errors into a database). An audit trail may record \"before\" and \"after\" versions of records. Comparisons can then be made between the actual changes made to records and what was expected. This can help
management determine if errors were made by the user, by the system or application software, or by some other source.

The audit log format in Mysql:
Introduced   5.6.14
Command-Line Format   --audit_log_format=value
System Variable   Name   audit_log_format
Variable Scope   Global
Dynamic Variable   No
Permitted Values (>= 5.6.14)   Type   enumeration
Default   OLD
Valid Values   OLD
NEW

WE have various audit logs MySQL Enterprise Audit components like mentoned below:
1. “Audit Log Option and Variable Reference”

2.“Audit Log Options and System Variables”

3. “Audit Log Plugin Status Variables”