AnalyticDB:SQL audit

费用

目前SQL审计功能正在公测，公测期间免费使用。公测期结束后，AnalyticDB for MySQL会免费保留最近1个月的审计日志，1个月以上收取存储空间费用。

Unsupported operations

The following operations are not recorded in SQL audit logs:

• INSERT INTO VALUES

• REPLACE INTO VALUES

• UPSERT INTO VALUES

Enable or disable SQL audit

Enable SQL audit

1. Log on to the AnalyticDB for MySQL console. In the upper-left corner, select a region. In the left-side navigation pane, click Clusters, find the cluster you want to manage, and click the cluster ID.

2. Go to the SQL Audit page:

   • Enterprise Edition, Basic Edition, or Data Lakehouse Edition: In the left-side navigation pane, choose Cluster Management > SQL Audit.

   • Data Warehouse Edition: In the left-side navigation pane, click Data Security, then click the SQL Audit tab.

3. Click Configure SQL Audit.

4. In the Configure SQL Audit dialog box, select Yes and click OK.

Query and export SQL audit logs

On the SQL Audit tab, filter audit logs by Operation Type or Execution Status to find specific database activity.

To save logs to your local machine, click Export Current Page.

FAQ

Why does the INSERT OVERWRITE statement produce two audit log entries, one with an IP address that is not the client IP address?

INSERT OVERWRITE runs asynchronously in AnalyticDB for MySQL. The access node distributes query jobs across storage nodes and then returns the result to the client. Because of this, the audit logs capture two IP addresses: the client IP address that submitted the request, and the IP address of the AnalyticDB for MySQL access node.

API reference