All Products
Search

This Product

    ApsaraDB for OceanBase:SQL audit

    Document Center

    ApsaraDB for OceanBase:SQL audit

    Last Updated:Jul 01, 2025

    The SQL audit feature is designed to help you quickly identify SQL statements that may have potential issues, and enhance security audit capability. This feature supports querying SQL statements by user, IP address, or operation type. In addition, this feature supports exporting query results.

    Enable SQL audit

    1. Log in to the ApsaraDB for OceanBase console.

    2. In the left-side navigation pane, choose Autonomy Service > Diagnostics Center.

    3. In the Instance Details section, click the name of the target instance.

      The system automatically redirects to the diagnostics center.

    4. In the left-side navigation pane, choose Security Management > SQL Audit.

    5. Enable SQL audit.

      1. Select the target tenant at the top of the SQL Audit page.

      2. Click Start SQL Audit.

      3. In the pop-up window, make the following configurations:

        • Target for Enablement: If this check box is selected, SQL audit will be enabled for all tenants in this cluster.

        • Storage Duration: Select the appropriate retention time based on your needs to make full use of resources.

      4. Click Enable.

    View and download SQL audit records

    1. On the SQL Audit page, click Expand.

    2. (Optional) Filter the SQL audit records by filter items.

      Filter item

      Description

      Database

      Select one or more databases in the tenant to view.

      Node

      Select one or more nodes to view.

      Keywords

      Enter the keywords that may exist in the SQL statements to view. You can enter multiple keywords, and the keywords are connected by AND or OR.

      Time Range

      Select the time range in which the SQL statements are executed. The time range cannot exceed 24 hours.

      Username

      Select one or more usernames to view.

      Operation Type

      Select one or more operation types to view.

      Client IP Address

      Enter the IP address of the client to view.

      Execution Duration (ms)

      Enter the execution time range of the SQL statements.

      Scan Records

      Enter the number of scanned records to view.

    3. Click Query.

    4. View the following information in the query results, including: SQL Statement, Database, User, Client IP Address, Operation Type, Execution Result, Request Time, Execution Duration (ms), Scanned Rows, and Updated Rows.

      You can sort the results by the Execution Duration (ms), Scanned Rows, or Update Rows column.

    5. Click Export to download the query results.image

      Note

      Currently, a maximum of 100 audit records can be downloaded. If the number of audit records exceeds 100, only the first 100 records will be downloaded in the order of page sorting.

    Modify SQL audit settings

    1. On the SQL Audit page, click Service Settings.

    2. Modify the relevant parameter settings in the pop-up window and click OK.

    Disable SQL audit

    1. On the SQL Audit page, click Close Service.

    2. Enter close in the pop-up window and click Close.