You can view audit logs within a specific period of time and filter audit logs that match specific conditions.

Prerequisites

The new version of the audit log feature is enabled. For more information, see Enable the new audit log feature.

Background information

Audit logs provide a detailed insight into the status of your ApsaraDB for Redis instance. You can use audit logs to view request records so that you can check records of modify and delete operations and find the cause of sudden increases in database resource consumption.

View audit logs

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.
  2. In the left-side navigation pane, choose Logs > Audit Log.
  3. On the Audit Log page, check the audit log details of the instance.

Filter the audit logs of an instance

ApsaraDB for Redis allows you to view the audit logs that meet specified filter conditions.

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click its ID.
  2. In the left-side navigation pane, choose Logs > Audit Log.
  3. On the Audit Log page, specify conditions to filter audit logs.
    Table 1. Filter conditions
    Filter condition Description
    Keyword The keyword that is included in the audit logs you want to view. A keyword can be a client IP address, a command, a username, or other extended information.
    Note
    • The Keyword field supports exact match. You must enter complete information in the Keyword field. Examples:
      • If you want to specify an IP address as a keyword, you must enter a complete IP address such as 192.168.1.1, not a partial IP address such as 192.168 or 1.1.
      • If you want to specify a command as a keyword, you must enter a complete command such as AUTH or auth, not a partial command such as au.
    • If a keyword contains a colon (:), you must enclose the keyword in a pair of double quotation marks (""). Example: "userId:1".
    Type The type of audit logs. Valid values:
    • redis_audit_log: the audit logs of data shards.
    • redis_proxy_audit_log: the audit logs of proxy nodes.
      Note This parameter is available only if the instance uses the read/write splitting architecture or the cluster architecture in proxy mode. By default, the Tair console displays the IP addresses of proxy nodes for cluster and read/write splitting instances. To obtain the IP address of your cluster or read/write splitting instance, set ptod_enabled to 1. For more information, see Modify parameters of an instance.
    Account

    The account used to connect to the instance. Default value: null. For more information about accounts, see Create and manage database accounts.

    Client IP Address The client IP address used to connect to the ApsaraDB for Redis instance.
    DB The database whose audit logs you want to query.

View the audit logs of an instance over a specified time range

You can use the time picker to specify a time range to query.

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click its ID.
  2. In the left-side navigation pane, choose Logs > Audit Log.
  3. On the Audit Log page, click Time Range.
  4. In the Time panel, specify a time range to query audit logs.
    Time picker
    Table 2. Time picker description
    Section No. Section name Description
    Time details When you move the pointer over a time option in the Relative section or Time Frame section, the time details section displays the time range that matches the selected time option.
    Relative time Select a time range relative to the current point in time. When you move the pointer over an option, you can view the specific time range that corresponds to the option in the time details section.
    Time frame Select a time range that is accurate to the minute, hour, week, or day. When you move the pointer over an option, you can view the specific time range that corresponds to the option in the time details section.
    Custom time Specify a custom time range. After you click OK, the custom time range is applied.

Related API operations

Operation Description
ModifyAuditLogConfig Enables or disables the audit log feature and specifies a retention period for audit logs.
DescribeAuditLogConfig Queries the audit log configurations of an ApsaraDB for Redis instance. The configurations include whether the audit log feature is enabled and the retention period of audit logs.
DescribeAuditRecords Queries the audit logs of an ApsaraDB for Redis instance.

FAQ

  • Can I view more than 2,000 audit log entries?

    The Audit Log page in the ApsaraDB for Redis console displays a maximum of 2,000 audit log entries. To view more audit log entries, log on to the Log Service console. For more information, see Query and analyze logs.