DescribeAuditRecords - ApsaraDB for MongoDB - Alibaba Cloud Documentation Center

Queries the audit logs of a MongoDB instance.

Operation description

When you call this operation, ensure that the audit log feature of the instance is enabled. Otherwise, the operation returns an empty audit log.
This operation is applicable only to general-purpose local-disk and dedicated local-disk instances.
You can call this operation up to 30 times per minute. To call this operation at a higher frequency, use a Logstore. For more information, see Manage a Logstore.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

dds:DescribeAuditRecords

get

*dbinstance

acs:dds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}

None

Request parameters

Parameter	Type	Required	Description	Example
DBInstanceId	string	Yes	The instance ID. Note If you set this parameter to the ID of a sharded cluster instance, you must also specify the NodeId parameter.	dds-bp12c5b040dc****
NodeId	string	No	The ID of a Mongos node or a shard node in the sharded cluster instance. Note This parameter is available only when DBInstanceId is set to the ID of a sharded cluster instance.	d-bp128a003436****
StartTime	string	Yes	The beginning of the time range to query. Specify the time in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC.	2019-03-13T12:11:14Z
EndTime	string	Yes	The end of the time range to query. The end time must be later than the start time. Specify the time in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC. Note The time range between the start time and the end time cannot exceed 24 hours. Otherwise, the operation fails.	2019-03-13T13:11:14Z
Database	string	No	The name of the database. By default, all databases are queried.	database****
User	string	No	The database account. By default, all accounts are queried.	test
Form	string	No	The format of the returned audit records. Valid values: File: Triggers the generation of an audit log file. If you set this parameter to File, only common parameters are returned. Stream (default): Returns a data stream. Note The File parameter is deprecated.	Stream
QueryKeywords	string	No	The keywords for the query. You can specify up to 10 keywords. Separate multiple keywords with spaces.	slow
LogicalOperator	string	No	The logical operator for the keyword search. The default value is and.	and
PageSize	integer	No	The number of entries to return on each page. Valid values: 30 (default), 50, and 100.	30
PageNumber	integer	No	The page number to return. The value must be greater than 0 and must not exceed the maximum value of the integer data type. Default value: 1.	1
OrderType	string	No	The order in which to sort the returned audit log entries by time. Valid values: asc: Sorts the entries in ascending order. desc: Sorts the entries in descending order.	asc

Response elements

Element	Type	Description	Example
	object
TotalRecordCount	integer	The total number of entries.	40
PageRecordCount	integer	The number of entries on the current page.	30
RequestId	string	The request ID.	3278BEB8-503B-4E46-8F7E-D26E040C9769
PageNumber	integer	The page number.	1
Items	object
SQLRecord	array<object>	The list of audit log details.
	object	The details of an audit log entry.
HostAddress	string	The IP address of the client.	11.xxx.xxx.xxx
TableName	string	The name of the MongoDB collection.	C1
ReturnRowCounts	integer	The number of returned rows.	2
DBName	string	The database name.	test123
ExecuteTime	string	The time when the statement was executed. The time is in the yyyy-MM-ddTHH:mm:ssZ format and is displayed in UTC.	2019-03-11T03:30:27Z
ThreadID	string	The thread ID.	140682188297984
TotalExecutionTimes	integer	The execution time, in microseconds.	700
Syntax	string	The executed statement.	{ \"atype\" : \"createCollection\", \"param\" : { \"ns\" : \"123.test1\" }, \"result\": \"OK\" }
AccountName	string	The name of the database account.	test

Examples

Success response

JSON format

{
  "TotalRecordCount": 40,
  "PageRecordCount": 30,
  "RequestId": "3278BEB8-503B-4E46-8F7E-D26E040C9769",
  "PageNumber": 1,
  "Items": {
    "SQLRecord": [
      {
        "HostAddress": "11.xxx.xxx.xxx",
        "TableName": "C1",
        "ReturnRowCounts": 2,
        "DBName": "test123",
        "ExecuteTime": "2019-03-11T03:30:27Z",
        "ThreadID": "140682188297984",
        "TotalExecutionTimes": 700,
        "Syntax": "{ \\\"atype\\\" : \\\"createCollection\\\", \\\"param\\\" : { \\\"ns\\\" : \\\"123.test1\\\" }, \\\"result\\\": \\\"OK\\\" }",
        "AccountName": "test"
      }
    ]
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidStartTime.Format	Specified start time is not valid.	The specified start time is invalid.
400	InvalidEndTime.Format	Specified end time is not valid.
400	InvalidEndTime.Invalid	Specified end time is before this service active time.
400	InvalidParameterCombination	The end time must be greater than the start time.
400	InvalidQueryKeyword.Format	Specified Query Keyword is not valid.
400	InvalidDatabase.Format	Specified Database is not valid.
400	InvalidQueryTime.Format	Specified query time is not valid.
403	IncorrectSQLLogActiveStatus	Current DB instance SQL log active status does not support this operation.
403	LogApiFrequencyExceeded	Exceeding the allowed frequency of log api.
403	ConcurrentTaskExceeded	Concurrent task exceeding the allowed amount.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.