Queries entries in audit logs of an ApsaraDB for MongoDB instance.

  • When you call this operation, ensure that the audit log feature of the instance is enabled. Otherwise, the operation returns an empty audit log.
  • This operation is applicable only to general-purpose local-disk and dedicated local-disk instances.
  • You can call this operation up to 30 times per minute. To call this operation at a higher frequency, use a Logstore. For more information, see Manage a Logstore.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeAuditRecords

The operation that you want to perform. Set the value to DescribeAuditRecords.

RegionId String No cn-hangzhou

The region ID of the instance. You can call the DescribeDBInstanceAttribute operation to query the region ID of the instance.

DBInstanceId String Yes dds-bp12c5b040dc****

The ID of the instance.

Note If you set this parameter to the ID of a sharded cluster instance, you must also specify the NodeId parameter.
NodeId String No d-bp128a003436****

The ID of the mongos node or shard node whose audit logs you want to query in the instance. If the instance is a sharded cluster instance, you must specify this parameter.

Note This parameter is valid only when DBInstanceId is set to the ID of a sharded cluster instance.
StartTime String Yes 2019-03-13T12:11:14Z

The beginning of the time range to query. Specify the time in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC.

EndTime String Yes 2019-03-13T13:11:14Z

The end of the time range that is specified to query the audit log. The end time must be later than the start time. Specify the time in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC.

Note The end time must be within 24 hours from the start time. Otherwise, the query fails.
Database String No testdatabase

The name of the database to be queried. By default, all databases are queried.

User String No root

The user of the database. If you do not specify this parameter, this operation returns records of all users.

Form String No Stream

The form of the audit log that the operation returns. Valid values:

  • File: triggers the generation of audit logs. If this parameter is set to File, only common parameters are returned.
  • Stream: returns data streams.

Default value: Stream.

QueryKeywords String No slow

The keywords that are used for queries. Separate multiple keywords with spaces. The maximum number of keywords is 10.

PageSize Integer No 30

The number of entries to return on each page. Valid values: 30, 50, and 100. Default value: 30.

PageNumber Integer No 1

The number of the page to return. The value must be an integer that is greater than 0. Default value: 1.

OrderType String No asc

The order of time in which the log entries to return are sorted. Valid values:

  • asc: The log entries are sorted by time in ascending order.
  • desc: The log entries are sorted by time in descending order.

Response parameters

Parameter Type Example Description
TotalRecordCount Integer 40

The total number of entries.

PageRecordCount Integer 30

The maximum number of entries on the current page.

RequestId String 3278BEB8-503B-4E46-8F7E-D26E040C9769

The ID of the request.

PageNumber Integer 1

The number of the page to return.

Items Array of SQLRecord

An array that consists of the information of audit log entries.

SQLRecord
HostAddress String 11.xxx.xxx.xxx

The IP address of the client.

TableName String C1

The name of the collection.

ReturnRowCounts Long 2

The number of SQL audit log entries that are returned.

DBName String test123

The name of the database.

ExecuteTime String 2019-03-11T03:30:27Z

The time when the statement was executed. The time is in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

ThreadID String 140682188297984

The ID of the thread that is recorded in the SQL audit log entry.

TotalExecutionTimes Long 700

The duration of the statement execution. Unit: microseconds.

Syntax String { \"atype\" : \"createCollection\", \"param\" : { \"ns\" : \"123.test1\" }, \"result\": \"OK\" }

The statement that was executed.

AccountName String root

The account of the database.

Examples

Sample requests

http(s)://mongodb.aliyuncs.com/?Action=DescribeAuditRecords
&StartTime=2019-03-13T12:11:14Z
&EndTime=2019-03-13T13:11:14Z
&DBInstanceId=dds-bp12c5b040dc****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<DescribeAuditRecordsResponse>
    <Items>
        <SQLRecord>
            <TotalExecutionTimes>703</TotalExecutionTimes>
            <Syntax>{ &quot;atype&quot; : &quot;command&quot;, &quot;param&quot; : { &quot;command&quot; : &quot;find&quot;, &quot;ns&quot; : &quot;123.test1&quot;, &quot;args&quot; : { &quot;find&quot; : &quot;test1&quot;, &quot;filter&quot; : { &quot;x&quot; : 1, &quot;y&quot; : 2 }, &quot;shardVersion&quot; : [ { &quot;$timestamp&quot; : { &quot;t&quot; : 0, &quot;i&quot; : 0 } }, { &quot;$oid&quot; : &quot;000000000000000000000000&quot; } ], &quot;$clusterTime&quot; : { &quot;clusterTime&quot; : { &quot;$timestamp&quot; : { &quot;t&quot; : 1552275017, &quot;i&quot; : 2 } }, &quot;signature&quot; : { &quot;hash&quot; : { &quot;$binary&quot; : &quot;9qfygDs61fKCvdXJqjq+f0zML0E=&quot;, &quot;$type&quot; : &quot;00&quot; }, &quot;keyId&quot; : { &quot;$numberLong&quot; : &quot;6666955498811555841&quot; } } }, &quot;$client&quot; : { &quot;application&quot; : { &quot;name&quot; : &quot;MongoDB Shell&quot; }, &quot;driver&quot; : { &quot;name&quot; : &quot;MongoDB Internal Client&quot;, &quot;version&quot; : &quot;3.4.10&quot; }, &quot;os&quot; : { &quot;type&quot; : &quot;Linux&quot;, &quot;name&quot; : &quot;Ubuntu&quot;, &quot;architecture&quot; : &quot;x86_64&quot;, &quot;version&quot; : &quot;16.04&quot; }, &quot;mongos&quot; : { &quot;host&quot; : &quot;rxxxxxx.cloud.cm10:3074&quot;, &quot;client&quot; : &quot;47.xxx.xxx.xx:53854&quot;, &quot;version&quot; : &quot;4.0.0&quot; } }, &quot;$configServerState&quot; : { &quot;opTime&quot; : { &quot;ts&quot; : { &quot;$timestamp&quot; : { &quot;t&quot; : 1552275017, &quot;i&quot; : 2 } }, &quot;t&quot; : { &quot;$numberLong&quot; : &quot;3&quot; } } }, &quot;$db&quot; : &quot;123&quot; } }, &quot;result&quot;: &quot;OK&quot; }</Syntax>
            <HostAddress>11.xxx.xxx.xx</HostAddress>
            <ExecuteTime>2019-03-11T03:30:27Z</ExecuteTime>
            <ThreadID>139xxxxxxxx</ThreadID>
            <AccountName>__system;</AccountName>
            <DBName>local;</DBName>
        </SQLRecord>
        <SQLRecord>
            <TotalExecutionTimes>0</TotalExecutionTimes>
            <Syntax>{ &quot;atype&quot; : &quot;createIndex&quot;, &quot;param&quot; : { &quot;ns&quot; : &quot;123.test1&quot;, &quot;indexName&quot; : &quot;y_1&quot;, &quot;indexSpec&quot; : { &quot;v&quot; : 2, &quot;key&quot; : { &quot;y&quot; : 1 }, &quot;name&quot; : &quot;y_1&quot;, &quot;ns&quot; : &quot;123.test1&quot; } }, &quot;result&quot;: &quot;OK&quot; }</Syntax>
            <HostAddress></HostAddress>
            <ExecuteTime>2019-03-11T03:30:06Z</ExecuteTime>
            <ThreadID>140xxxxxxxx</ThreadID>
            <AccountName>__system;</AccountName>
            <DBName>local;</DBName>
        </SQLRecord>
    </Items>
    <PageNumber>1</PageNumber>
    <TotalRecordCount>2</TotalRecordCount>
    <RequestId>3278BEB8-503B-4E46-8F7E-D26E040C9769</RequestId>
    <PageRecordCount>30</PageRecordCount>
</DescribeAuditRecordsResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Items" : {
    "SQLRecord" : [ {
      "TotalExecutionTimes" : 703,
      "Syntax" : "{ \"atype\" : \"command\", \"param\" : { \"command\" : \"find\", \"ns\" : \"123.test1\", \"args\" : { \"find\" : \"test1\", \"filter\" : { \"x\" : 1, \"y\" : 2 }, \"shardVersion\" : [ { \"$timestamp\" : { \"t\" : 0, \"i\" : 0 } }, { \"$oid\" : \"000000000000000000000000\" } ], \"$clusterTime\" : { \"clusterTime\" : { \"$timestamp\" : { \"t\" : 1552275017, \"i\" : 2 } }, \"signature\" : { \"hash\" : { \"$binary\" : \"9qfygDs61fKCvdXJqjq+f0zML0E=\", \"$type\" : \"00\" }, \"keyId\" : { \"$numberLong\" : \"6666955498811555841\" } } }, \"$client\" : { \"application\" : { \"name\" : \"MongoDB Shell\" }, \"driver\" : { \"name\" : \"MongoDB Internal Client\", \"version\" : \"3.4.10\" }, \"os\" : { \"type\" : \"Linux\", \"name\" : \"Ubuntu\", \"architecture\" : \"x86_64\", \"version\" : \"16.04\" }, \"mongos\" : { \"host\" : \"rxxxxxx.cloud.cm10:3074\", \"client\" : \"47.xxx.xxx.xx:53854\", \"version\" : \"4.0.0\" } }, \"$configServerState\" : { \"opTime\" : { \"ts\" : { \"$timestamp\" : { \"t\" : 1552275017, \"i\" : 2 } }, \"t\" : { \"$numberLong\" : \"3\" } } }, \"$db\" : \"123\" } }, \"result\": \"OK\" }",
      "HostAddress" : "11.xxx.xxx.xxx",
      "ExecuteTime" : "2019-03-11T03:30:27Z",
      "ThreadID" : "139xxxxxxxx",
      "AccountName" : "__system;",
      "DBName" : "local;"
    }, {
      "TotalExecutionTimes" : 0,
      "Syntax" : "{ \"atype\" : \"createIndex\", \"param\" : { \"ns\" : \"123.test1\", \"indexName\" : \"y_1\", \"indexSpec\" : { \"v\" : 2, \"key\" : { \"y\" : 1 }, \"name\" : \"y_1\", \"ns\" : \"123.test1\" } }, \"result\": \"OK\" }",
      "HostAddress" : "",
      "ExecuteTime" : "2019-03-11T03:30:06Z",
      "ThreadID" : "140xxxxxxxx",
      "AccountName" : "__system;",
      "DBName" : "local;"
    } ]
  },
  "PageNumber" : 1,
  "TotalRecordCount" : 2,
  "RequestId" : "3278BEB8-503B-4E46-8F7E-D26E040C9769",
  "PageRecordCount" : 30
}

Error codes

HttpCode Error codes Error message Description
400 InvalidEndTime.Format Specified end time is not valid. The error message returned because the specified EndTime parameter is invalid. Specify the time in the yyyy-MM-ddTHH:mmZ format. The time must be in UTC. The end time must be later than the start time.

For a list of error codes, visit the API Error Center.