You can view audit logs within a specific period of time and filter audit logs that match specific conditions.

Prerequisites

The new version of the audit log feature is enabled. For more information, see Enable the new audit log feature.

Background information

Audit logs provide a detailed insight into the status of your ApsaraDB for Redis instance. You can use audit logs to view request records so that you can check records of modify and delete operations and find the cause of sudden increases in database resource consumption.

View audit logs

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click the instance ID.
  2. In the left-side navigation pane, choose Logs > Audit Log.
  3. On the Audit Log page, check the audit log details of the instance.

Filter the audit logs of an instance

ApsaraDB for Redis allows you to view the audit logs that meet specified filter conditions.

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click the instance ID.
  2. In the left-side navigation pane, choose Logs > Audit Log.
  3. On the Audit Log page, you can specify conditions to filter audit logs.
    Specify filter conditions
    Table 1. Filter conditions
    Filter condition Description
    Keyword The keywords that are included in the audit logs you want to view. A keyword can be a client IP address, a command, a username, or other extended information.
    Note
    • The Keyword field supports exact match. You must enter complete information in the Keyword field. Examples:
      • If you want to specify an IP address as a keyword, you must enter a complete IP address such as 192.168.1.1, not a partial IP address such as 192.168 or 1.1.
      • If you want to specify a command as a keyword, you must enter a complete command such as AUTH or auth, not a partial command such as au.
    • If a keyword contains a colon (:), you must enclose the keyword in a pair of double quotation marks (""). Example: "userId:1".
    Type The type of audit logs. Valid values:
    • redis_audit_log: the audit logs of data shards.
    • redis_proxy_audit_log: the audit logs of proxy nodes.
    Account The account used to connect to the instance. Default value: null. For more information about accounts, see Create and manage database accounts.
    Client IP The client IP address used to connect to the instance.
    DB The database of which you want to query the audit logs.

View the audit logs of an instance over a specified time range

You can use the time picker to specify a time range to query.

  1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click the instance ID.
  2. In the left-side navigation pane, choose Logs > Audit Log.
  3. On the Audit Log page, click Please Select.
    Click the time picker
  4. In the Time panel, specify a time range to query audit logs.
    Time picker
    Table 2. Time picker description
    Section No. Section name Description
    Time details When you move the pointer over a time option in the Relative section or Time Frame section, the time details section displays the time range that matches the selected time option.
    Relative Select a time range relative to the current point in time. When you move the pointer over a time option in this section, the time details section displays the time range that matches the selected time option.
    Time Frame Select a time range that is accurate to the minute, hour, week, or day. When you move the pointer over a time option in this section, the time details section displays the time range that matches the selected time option.
    Custom Specify a custom time range. After you click OK, the custom time range is applied.

Related API operations

Operation Description
ModifyAuditLogConfig Enables or disables the audit log feature and specifies a retention period for audit logs.
DescribeAuditLogConfig Queries the audit log configurations of an ApsaraDB for Redis instance. The configurations include whether the audit log feature is enabled and the retention period of audit logs.
DescribeAuditRecords Queries the audit logs of an ApsaraDB for Redis instance.

FAQ

  • Can I view more than 2,000 audit log entries?

    The Audit Log page in the ApsaraDB for Redis console displays a maximum of 2,000 audit log entries. To view more audit log entries, log on to the Log Service console. For more information, see Query and analyze logs.