The SQL audit feature is designed to help you quickly identify SQL statements that may have potential issues, and enhance security audit capability. This feature supports querying SQL statements by user, IP address, or operation type. In addition, this feature supports exporting query results.
Enable SQL audit
Log in to the ApsaraDB for OceanBase console.
In the left-side navigation pane, click Instances.
On the Instances page, click the target instance name to enter the instance workspace.
In the left-side navigation pane, click Diagnostics.
On the Diagnostics page, select the target tenant from the drop-down list.
On the SQL Audit tab, click Start SQL Audit.
In the pop-up window, make the following configurations:
Target for Enablement: If this check box is selected, SQL audit will be enabled for all tenants in this cluster.
Storage Duration: Select the appropriate retention time based on your needs to make full use of resources.
Click Enable.
View and download SQL audit records
On the SQL Audit page, click Expand.
(Optional) Filter the SQL audit records by filter items.
Filter item
Description
Database
Select one or more databases in the tenant to view.
Node
Select one or more nodes to view.
Keywords
Enter the keywords that may exist in the SQL statements to view. You can enter multiple keywords, and the keywords are connected by AND or OR.
Time Range
Select the time range in which the SQL statements are executed. The time range cannot exceed 24 hours.
Username
Select one or more usernames to view.
Operation Type
Select one or more operation types to view.
Client IP Address
Enter the IP address of the client to view.
Execution Duration (ms)
Enter the execution time range of the SQL statements.
Scan Records
Enter the number of scanned records to view.
Click Query.
View the following information in the query results, including: SQL Statement, Database, User, Client IP Address, Operation Type, Execution Result, Request Time, Execution Duration (ms), Scanned Rows, and Updated Rows.
You can sort the results by the Execution Duration (ms), Scanned Rows, or Update Rows column.
Click Export to download the query results.
NoteCurrently, a maximum of 100 audit records can be downloaded. If the number of audit records exceeds 100, only the first 100 records will be downloaded in the order of page sorting.