Database Autonomy Service (DAS) provides the SQL Explorer and Audit feature. This allows you to use value-added services on your databases, such as security audit and performance diagnostics.
Prerequisites
A PolarDB for PostgreSQL cluster is created.
From February 24, 2023, DAS supports the SQL Explorer and Audit feature for PolarDB for PostgreSQL clusters.
Features
SQL audit logging
You can record all the operations that are performed on your databases. You can use SQL audit logs to perform operations such as fault analysis, behavior analysis, and security audit.
Enhanced search
You can query data from various dimensions, such as database, user, client IP address, thread ID, execution duration, and number of scanned rows. You can export and download query results.
SQL analysis
A visualized and interactive solution is provided for you to analyze the audit logs of SQL statements that are executed within the specified period of time. This allows you to find the SQL statements that are not executed as expected and troubleshoot performance issues.
Related SQL identification
You can analyze monitoring metrics and related SQL metrics to find the SQL statements that are the most similar to the trends indicated by the metrics.
ImportantOnly PolarDB for PostgreSQL clusters that reside in the Chinese mainland support the related SQL identification feature.
Billing
PolarDB for PostgreSQL clusters do not support DAS Enterprise Edition. The SQL Explorer and Audit feature is based on the SQL Explorer feature that is provided by PolarDB for PostgreSQL. If you enable the SQL Explorer and Audit feature, you are charged for using the feature in a PolarDB for PostgreSQL cluster.
Trial edition: You can use the SQL Explorer and Audit feature of the trial edition for free. You can retain audit logs for only one day and query only data that is stored in the retained audit logs. The trial edition does not support advanced features. For example, data cannot be exported, and data integrity cannot be ensured.
Official edition: For more information, see Billing rules of SQL Explorer (optional).
Enable the SQL Explorer and Audit feature
Log on to the DAS console.
In the left-side navigation pane, click Instance Monitoring.
On the page that appears, find the database instance that you want to manage and click the instance ID. The instance details page appears.
In the left-side navigation pane, choose .
Click Official Edition. In the dialog box that appears, select a retention period for SQL audit logs and click OK.
You can also click Trial Version. The trial edition is free of charge. If you use the trial edition, audit logs are retained for only one day. You can query only data that is stored in the retained audit logs. The trial edition does not support advanced features. For example, data cannot be exported, and data integrity cannot be ensured.
Modify the retention period of SQL audit logs
Log on to the DAS console.
In the left-side navigation pane, click Instance Monitoring.
On the page that appears, find the database instance that you want to manage and click the instance ID. The instance details page appears.
In the left-side navigation pane, choose .
Click Service Settings. In the dialog box that appears, select a retention period for SQL audit logs and click OK.
Export SQL audit logs
Log on to the DAS console.
In the left-side navigation pane, click Instance Monitoring.
On the page that appears, find the database instance that you want to manage and click the instance ID. The instance details page appears.
In the left-side navigation pane, choose .
On the SQL Explorer and Audit page, click the Search tab.
In the Logs section of the Search tab, click Export.
In the dialog box that appears, configure the Exported Fields and Export Time Range parameters, and click OK.
After the logs are exported, click View Exported Logs and download the log file that you exported to your computer.
Disable the SQL Explorer and Audit feature
After you disable the SQL Explorer and Audit feature, your business is not affected. However, SQL audit logs are cleared. Before you disable the SQL Explorer and Audit feature, we recommend that you export the SQL audit logs as a file and download the file to your computer. If you enable the SQL Explorer and Audit feature again, SQL audit logs are generated from the point in time when the SQL Explorer and Audit feature is enabled.
Log on to the DAS console.
In the left-side navigation pane, click Instance Monitoring.
On the page that appears, find the database instance that you want to manage and click the instance ID. The instance details page appears.
In the left-side navigation pane, choose Request Analysis > SQL Explorer and Audit.
Export SQL audit logs. For more information, see the Export SQL audit logs section of this topic.
Click Service Settings. In the Service Settings dialog box, turn off Enable and click OK.
View the size and consumption details of audit logs
Log on to the Alibaba Cloud Management Console.
In the upper-right corner of the page, choose Expenses > User Center.
In the left-side navigation pane, choose .
On the Bill Details page, click the Billing Details tab. In the search bar, select Instance ID from the drop-down list and enter the ID of the cluster for which you want to query the details.
View the billing details in the data entries in which the value in the Billing Item column is sql_explorer.