Home PageApsaraDB for OceanBaseUser GuideAutonomous ServiceDiagnostics centerSecurity managementSQL audit
Search for Help Content

SQL audit

Updated at: 2025-03-20 10:09
Community

The SQL audit feature is designed to help you quickly identify SQL statements that may have potential issues, and enhance security audit capability. This feature supports querying SQL statements by user, IP address, or operation type. In addition, this feature supports exporting query results.

Enable SQL audit

  1. Log in to the ApsaraDB for OceanBase console.

  2. In the left-side navigation pane, choose Autonomy Service > Diagnostics Center.

  3. In the Instance Details section, click the name of the target instance.

    The system automatically redirects to the diagnostics center.

  4. In the left-side navigation pane, choose Security Management > SQL Audit.

  5. Enable SQL audit.

    1. Select the target tenant at the top of the SQL Audit page.

    2. Click Start SQL Audit.

    3. In the pop-up window, make the following configurations:

      • Target for Enablement: If this check box is selected, SQL audit will be enabled for all tenants in this cluster.

      • Storage Duration: Select the appropriate retention time based on your needs to make full use of resources.

    4. Click Enable.

View and download SQL audit records

  1. On the SQL Audit page, click Expand.

  2. (Optional) Filter the SQL audit records by filter items.

    Filter item

    Description

    Filter item

    Description

    Database

    Select one or more databases in the tenant to view.

    Node

    Select one or more nodes to view.

    Keywords

    Enter the keywords that may exist in the SQL statements to view. You can enter multiple keywords, and the keywords are connected by AND or OR.

    Time Range

    Select the time range in which the SQL statements are executed. The time range cannot exceed 24 hours.

    Username

    Select one or more usernames to view.

    Operation Type

    Select one or more operation types to view.

    Client IP Address

    Enter the IP address of the client to view.

    Execution Duration (ms)

    Enter the execution time range of the SQL statements.

    Scan Records

    Enter the number of scanned records to view.

  3. Click Query.

  4. View the following information in the query results, including: SQL Statement, Database, User, Client IP Address, Operation Type, Execution Result, Request Time, Execution Duration (ms), Scanned Rows, and Updated Rows.

    You can sort the results by the Execution Duration (ms), Scanned Rows, or Update Rows column.

  5. Click Export to download the query results.image

    Note

    Currently, a maximum of 100 audit records can be downloaded. If the number of audit records exceeds 100, only the first 100 records will be downloaded in the order of page sorting.

Modify SQL audit settings

  1. On the SQL Audit page, click Service Settings.

  2. Modify the relevant parameter settings in the pop-up window and click OK.

Disable SQL audit

  1. On the SQL Audit page, click Close Service.

  2. Enter close in the pop-up window and click Close.

Previous: Security assessmentNext: Monitoring dashboard
  • On this page (0)
  • Enable SQL audit
  • View and download SQL audit records
  • Modify SQL audit settings
  • Disable SQL audit
Feedback