All Products
Search

This Product

    ApsaraDB for OceanBase:SQL audit

    Document Center

    ApsaraDB for OceanBase:SQL audit

    Last Updated:Jan 20, 2025

    The SQL audit feature is designed to help you quickly identify SQL statements that may have potential issues, and enhance security audit capability. This feature supports querying SQL statements by user, IP address, or operation type. In addition, this feature supports exporting query results.

    Enable SQL audit

    1. Log in to the ApsaraDB for OceanBase console.

    2. In the left-side navigation pane, click Instances.

    3. On the Instances page, click the target instance name to enter the instance workspace.

    4. In the left-side navigation pane, click Diagnostics.

    5. On the Diagnostics page, select the target tenant from the drop-down list.

    6. On the SQL Audit tab, click Start SQL Audit.

    7. In the pop-up window, make the following configurations:

      • Target for Enablement: If this check box is selected, SQL audit will be enabled for all tenants in this cluster.

      • Storage Duration: Select the appropriate retention time based on your needs to make full use of resources.

    8. Click Enable.

    View and download SQL audit records

    1. On the SQL Audit page, click Expand.

    2. (Optional) Filter the SQL audit records by filter items.

      Filter item

      Description

      Database

      Select one or more databases in the tenant to view.

      Node

      Select one or more nodes to view.

      Keywords

      Enter the keywords that may exist in the SQL statements to view. You can enter multiple keywords, and the keywords are connected by AND or OR.

      Time Range

      Select the time range in which the SQL statements are executed. The time range cannot exceed 24 hours.

      Username

      Select one or more usernames to view.

      Operation Type

      Select one or more operation types to view.

      Client IP Address

      Enter the IP address of the client to view.

      Execution Duration (ms)

      Enter the execution time range of the SQL statements.

      Scan Records

      Enter the number of scanned records to view.

    3. Click Query.

    4. View the following information in the query results, including: SQL Statement, Database, User, Client IP Address, Operation Type, Execution Result, Request Time, Execution Duration (ms), Scanned Rows, and Updated Rows.

      You can sort the results by the Execution Duration (ms), Scanned Rows, or Update Rows column.

    5. Click Export to download the query results.image

      Note

      Currently, a maximum of 100 audit records can be downloaded. If the number of audit records exceeds 100, only the first 100 records will be downloaded in the order of page sorting.