All Products
Search
Document Center

Simple Log Service:Enable the log collection feature

Last Updated:Mar 01, 2024

You can use the CloudLens for RDS application to collect audit logs, error logs, and slow query logs for ApsaraDB RDS instances. Based on the collected logs, you can perform further operations, including audit, analysis, and alerting operations. CloudLens for RDS allows you to manually enable the log collection feature or configure the automatic log collection feature. You can manually enable the log collection feature to collect audit logs, error logs, and slow query logs for a specific ApsaraDB RDS instance. You can also configure the automatic log collection feature to collect audit logs, error logs, and slow query logs for existing and new ApsaraDB RDS instances that meet the specified conditions. This topic describes how to enable the log collection feature of CloudLens for RDS, as well as related operations.

Prerequisites

  • If you want to manually enable the log collection feature for an ApsaraDB RDS instance, you must create a Simple Log Service project and a Logstore in the region where the instance resides. For more information, see the Step 2: Create a project and a Logstore section of the Getting Started topic.

  • If you use a RAM user, you must grant the RAM user the required permissions to manage CloudLens for RDS. For more information, see Grant permissions on CloudLens for RDS to a RAM user.

Manually enable the log collection feature for an ApsaraDB RDS instance

You can use CloudLens for RDS to collect audit logs, error logs, and slow query logs for ApsaraDB RDS instances. The operations that are required to enable the log collection feature for these logs are similar. In this example, the log collection feature is enabled for audit logs.

  1. Log on to the Log Service console.
  2. In the Log Application section, click the Cloud Service Lens tab and click CloudLens for RDS.

  3. If you enable CloudLens for RDS for the first time, you must complete authorization as prompted.

  4. On the RDS Cluster Access tab of the Access Management page, find the desired ApsaraDB RDS instance and click Enable in the Audit Logs column.

  5. In the Enable Audit Logs Collect dialog box, select a destination project and Logstore. Then, click Confirm.

    After the log collection feature is enabled, Simple Log Service starts to collect audit logs for the ApsaraDB RDS instance.

    采集状态

Configure automatic log collection

You can use CloudLens for RDS to collect audit logs, error logs, and slow query logs for ApsaraDB RDS instances. The operations that are required to enable the log collection feature for these logs are similar. In this example, the log collection feature is enabled for audit logs.

  1. Log on to the Log Service console.
  2. On the Cloud Service Lens tab in the Log Application section, click CloudLens for RDS.

  3. On the Access Management page, click the Automatic Collection tab.

  4. Turn on Automatic Collection Configuration.

  5. Click the Condition, Automatic Collection Configurations, and End icons to complete settings in sequence. Then, click Save in the upper-right corner. Condition is optional. Automatic Collection Configurations and End are required.

    Condition

    • You can select Alibaba Cloud Account ID, Region, Instance ID, Instance Name, Database Type, Database Version, or Tag from the Object drop-down list and then specify a condition.

    • In the lower-left corner of the Condition dialog box, you can switch between Advanced Mode and Standard Mode. In standard mode, multiple conditions are associated by the AND operator. In advanced mode, you can combine and nest conditions based on your business requirements. For more information about the rules that are configured for conditional nodes, see Match modes of a conditional node.

    Automatic Collection Configurations

    Parameter

    Description

    Automatic Collection Type

    Select an automatic collection type. Valid values:

    • Custom Logstore: Simple Log Service automatically collects audit logs for ApsaraDB RDS instances that meet the specified conditions to the destination Logstore.

      If the destination project or Logstore does not exist, Simple Log Service automatically creates a project or Logstore.

    • Collection Remains Unchanged: If you select Collection Remains Unchanged, you do not need to set the Region, Project, Logstore, and Conflict Policy parameters.

      • If you do not enable the log collection feature for the ApsaraDB RDS instances that meet the specified conditions, the automatic log collection feature is not automatically enabled for the instances.

      • If you have enabled the log collection feature for the ApsaraDB RDS instances that meet the specified conditions, the destination Logstore remains unchanged.

    Region

    The region where the ApsaraDB RDS instances reside is displayed by default. You cannot change the setting.

    Project

    A project named in the rds-xxx-${Alibaba Cloud account ID}-${Region} format is automatically created for the region where the ApsaraDB RDS instances reside. Example: rds-test-117918634953****-cn-hangzhou.

    Logstore

    A Logstore named rds_log is automatically created in the project named in the rds-xxx-${Alibaba Cloud account ID}-${Region} format.

    Conflict Policy

    If the specified Logstore is inconsistent with the existing Logstore, Simple Log Service performs either of the following operations:

    • Ignore: uses the existing Logstore.

    • Overwrite: uses the specified Logstore.

  6. Examples:

    1. The audit logs of the ApsaraDB RDS for MySQL instances that have the env==prod tag are sent to the rds_log Logstore in the project named in the rds-prod-${Alibaba Cloud account ID}-${Region} format.

    2. The audit logs of the ApsaraDB RDS for MySQL instances that have the env==test tag are sent to the rds_log Logstore in the project named in the rds-test-${Alibaba Cloud account ID}-${Region} format.

    3. The audit logs of other ApsaraDB RDS instances are sent to the existing Logstore.

      自动化采集RDS审计日志

Related operations

Operation

Description

Manage ApsaraDB RDS instances

On the RDS Cluster Access tab of the Access Management page, you can view all ApsaraDB RDS instances that belong to your Alibaba Cloud account. You can also view other information such as the regions where the instances reside and the collection status of the instances.

Disable the log collection feature

On the RDS Cluster Access tab of the Access Management page, you can find the ApsaraDB RDS instance that you want to manage and click Disable in the column of related logs to disable the log collection feature of the logs.

Search and analyze logs

You can find the ApsaraDB RDS instance that you want to manage, click Log Query in the Actions column, and then select the logs that you want to query and analyze. Then, you are navigated to the Logstore where the logs are stored. You can view the raw logs and query and analyze the logs. For more information, see Query and analyze logs.

Manage destination projects and Logstores

On the Destination Logstore tab of the Access Management page, you can view the project and Logstore of the ApsaraDB RDS logs and modify the data retention period for the Logstore.

Configure alerts

On the Anomaly Detection page, you can enable the alerting feature. For more information, see Configure alerts.

View reports

On the Report Center page, you can select a Logstore to view reports on the Audit Operations Center, Audit Security Center, and Audit Performance Center tabs.