Available since: replication-manager v3.1.24
replication-manager extends its monitoring capabilities through a plugin system. On every monitoring tick each enabled plugin is invoked, receives a full snapshot of the monitored server state as JSON on stdin, and writes findings and score checks as JSON on stdout.
Plugins are organised in three tiers:
| Tier | Who can use it | Requires | Examples |
|---|---|---|---|
| Static | Everyone | Nothing — bundled in the binary | errorlog, slowlog, auditlog |
| Community | Registered instances | Free account at gitlab.signal18.io | All workload, security, and score plugins |
| Enterprise | Support contract customers | Signal18 Support Contract | plugin-critical-alerts |
Static plugins run in-process as Go functions. They use Graphite-backed spike detection and need no registration.
Community plugins are external binaries distributed to registered instances. Registering your instance unlocks the full community library — workload anomaly detection, security auditing, and scoring — and keeps them updated automatically. See Registration & SSO for how to register.
Enterprise plugins are developed from Signal18's field experience and are available to customers with an active Support Contract.
The plugin subsystem is controlled by two global settings:
[Default]
log-plugin = true # master switch — enable external plugin evaluation
log-level-plugin = 0 # verbosity: 0=off … 4=debugIndividual plugins are enabled per cluster:
[mycluster.plugin-config.plugin-connection-storm]
enabled = true
sleep-ratio-threshold = 0.75Detect operational anomalies — performance problems, resource saturation, and regressions — by analysing the real-time server state. Findings carry WARN codes routed to the main HA log.
| Plugin | Finds |
|---|---|
plugin-innodb-corruption |
InnoDB corruption indicators in error log (WARN0300) |
plugin-slow-query-regression |
Query latency regressed vs PFS baseline (WARN0301) |
plugin-error-storm |
Repeated error template spike (WARN0302) |
plugin-replication-lag-predictor |
DML write burst predicting future lag (WARN0303) |
plugin-full-table-scan-spike |
Full-scan ratio exceeded (WARN0304) |
plugin-metadata-lock-contention |
MDL wait duration or count exceeded (WARN0305) |
plugin-tmp-table-storm |
On-disk temporary table spike (WARN0306) |
plugin-connection-storm |
Sleep ratio or lock-wait count exceeded (WARN0307) |
plugin-privilege-escalation |
Privilege DDL by non-admin account (WARN0308) |
plugin-off-hours-access |
DB access outside business hours (WARN0309) |
plugin-binlog-cleartext-password |
Cleartext password in binlog (WARN0310) |
plugin-binlog-creditcard-leak |
Credit card PAN detected in binlog (WARN0311) |
Audit database configuration, user accounts, and activity logs for security weaknesses. Findings carry SEC codes and feed the remediation engine — many can be auto-fixed.
| Plugin | Finds |
|---|---|
plugin-security-no-password-user |
Account with empty password (SEC0100) |
plugin-security-weak-auth |
Weak or deprecated auth plugin (SEC0101) |
plugin-security-local-infile |
local_infile=ON (SEC0102) |
plugin-security-hardening |
CIS Benchmark controls SEC0103–SEC0118 |
Compute binary pass/fail checks that feed the SecurityScore gauge in the cluster dashboard.
| Plugin | Scores |
|---|---|
plugin-score-ssl |
TLS/SSL enabled and configured |
plugin-score-encryption |
Table, binlog, and tmp encryption at rest |
plugin-score-auth |
Strong authentication plugins in use |
plugin-score-passwords |
Password validation plugins active |
plugin-score-audit |
Audit logging active |
plugin-score-network |
Network security controls |
plugin-score-lts |
Running a supported LTS version |
plugin-score-proxy |
Proxy layer present |
Enterprise advisory plugins are built-in (bundled in the binary) and run on every instance. They match the running database and tool versions against a CVE/bug advisory database. On paid plans (Support, Partner) the advisory database is refreshed daily by the Signal18 back office. On the free plan the embedded default is used and a persistent security alert warns that advisories are frozen.
| Plugin | Finds |
|---|---|
enterprise-security |
All known MariaDB/MySQL CVEs from NVD + GitHub security issues (ENT0001+) |
enterprise-replication |
Replication bugs: MDEV-20821 (parallel replication crash), MDEV-28310 (silent data corruption), MDEV-19577 (auto-increment gaps) + NVD replication CVEs (RPL0001+) |
enterprise-workload |
CRITICAL/HIGH severity crash, deadlock, optimizer regression, and memory leak bugs not covered by the other two plugins (WRK0001+) |
Findings auto-resolve when the server or tool is upgraded past the fix version. No configuration needed — the advisory JSON is managed by the back office and pushed via the git pull repository to eligible instances.
Free plan alerts:
| Error | Message |
|---|---|
| ENTERR001 | Enterprise security advisories are not refreshed on the free plan |
| RPLERR001 | Enterprise replication advisories are not refreshed on the free plan |
| WRKERR001 | Enterprise workload advisories are not refreshed on the free plan |
For wire protocol, configuration, prerequisites, remediation engine, and developer guide see the Plugins chapter.