This topic describes how to import real-time SQL execution logs from ApsaraDB for RDS to Log Service for real-time analysis.

Prerequisites

  • Alibaba Cloud Log Service is activated.
  • RDS is activated and an RDS instance that supports SQL audit or SQL Explorer is created. The RDS instance can be ApsaraDB RDS for MySQL instance, ApsaraDB RDS for PostgreSQL instance, or ApsaraDB RDS for SQL Server instance.
  • The SQL audit feature of the RDS standard edition is enabled for log data import. If you have enabled the SQL audit feature of the trial edition, disable the trial edition or upgrade it to the standard edition. Otherwise, you cannot enable log data import in the Log Service console.
  • Your account has permission to access the SQL audit feature. You can use only your Alibaba Cloud account to enable and use the SQL audit feature by default. If you use a Resource Access Management (RAM) user to enable and use the SQL audit feature, you must grant relevant Log Service permissions to the RAM user. To grant relevant permissions on RDS to the RAM user, use the following policy:
    Action:
    rds:ModifySQLCollectorPolicy
    rds:DisableSqlLogDistribution
    rds:EnableSqlLogDistribution
    rds:DescribeSqlLogInstances
    
    resource:
    acs:rds:*:*:dbinstance/*

Procedure

  1. Log on to the Log Service console.
  2. Create a project in the same region as the RDS instance. For more information, see Manage a project.
  3. Create a Logstore. For more information, see Manage a Logstore.
  4. Expand the Logstore and click the plus sign (+) next to Data Import.
    You can also click Import Data in the upper-right corner of the Overview page, and then select a Logstore in the Import Data wizard.Data Import
  5. Select a data type. In the Import Data dialog box, select RDS SQL Audit - Cloud Products.
  6. Select the Logstore.
    If you start the collection configuration process by clicking the plus sign (+) next to Data Import under the Logstore, the system skips this step.
  7. Authorize Log Service to distribute logs.

    If you have not authorized Log Service to distribute logs, click Authorize next to RAM. If you have authorized Log Service to distribute logs, skip this step.

  8. Turn on the import switch for the RDS instance.
    Note If no RDS instance appears, it means that the instance does not meet the relevant requirements. For more information, see Limits.
  9. Configure log query and analysis.
    An index is created by default. To modify the index, click the Logstore and choose Index Attributes > Modify in the upper-right corner.