AnalyticDB for MySQL:Configure SQL audit

Limits

Enable or disable SQL audit

1. Log on to the AnalyticDB for MySQL console.
2. In the upper-left corner of the page, select a region.
3. In the left-side navigation pane, click Clusters.

4. On the Data Warehouse Edition (V3.0) or Data Lakehouse Edition (V3.0) tab, find the cluster that you want to manage and click the cluster ID.

5. Go to the SQL Audit page.

   • For an AnalyticDB for MySQL Data Warehouse Edition (V3.0) cluster, click Data Security in the left-side navigation pane and then click the SQL Audit tab.

   • For an AnalyticDB for MySQL Data Lakehouse Edition (V3.0) cluster, choose Cluster Management > SQL Audit in the left-side navigation pane.

6. Click Configure SQL Audit.

7. In the Configure SQL Audit dialog box, select Yes and click OK.

   

8. If you no longer need the SQL audit feature, repeat Steps 1 to 6 and then select No in the Configure SQL Audit dialog box.

   Important

   After you disable SQL audit, SQL audit logs are cleared. You must query and export SQL audit logs before you disable SQL audit. For more information, see the "Query and export SQL audit logs" section of this topic. When you re-enable SQL audit, audit logs that are generated from the time when SQL audit was last enabled are available for queries.

Query and export SQL audit logs

FAQ

Q: The INSERT OVERWRITE statement involves two SQL audit logs, and one of the logs contains an IP address other than the client IP address. Why?

A: The INSERT OVERWRITE statement is executed in AnalyticDB for MySQL in an asynchronous manner. The AnalyticDB for MySQL access node allocates query jobs to different storage nodes and returns the final result to the client. In this case, the SQL audit logs contain the IP address of the client that submits a request and the IP address of the AnalyticDB for MySQL access node.

Related operations