Data Management (DMS) provides the operation audit feature in addition to the basic features of operation log management. You can use this feature to troubleshoot database issues with ease and audit operations that are performed on databases. You can also use this feature to view and manage the SQL statements that are used in the SQL Console, tickets, logon information, and operation logs.

Features

The following table describes the two modules of the operation audit feature in DMS: Operation Logs and Operation Audit.
Module Description Item
Operation Logs Displays the logs of all the operations that are performed in DMS. Includes the logs of management and configuration operations, SQL statements that are used in the SQL Console, tickets, and logon information.
Operation audit Displays all the operations that are performed on the databases in DMS.
Note This module provides a user interface (UI) for you to audit operations in a centralized manner. This also helps you troubleshoot database issues with ease.
Includes SQL statements that are used in the SQL Console, tickets, and logon information.
Note Only DMS administrators, database administrators (DBAs), ticket submitters, and stakeholders involved in the ticket approval process can view the ticket details.

Log retention period

  • Three years: DMS retains logs for three years for database instances that are managed in Stable Change or Security Collaboration mode.
  • Seven days: DMS retains logs only for seven days for database instances that are managed in Flexible Management mode.
Note If you want to change the log retention period of an instance, you can change the control mode of the instance. For more information about how to change the control mode, see Change the control mode of an instance. Take note of the following items when you change the control mode of an instance:
  • If you change the control mode of an instance from Flexible Management to another mode, the log retention period of the instance is changed from seven days to three years, and you can access all the logs that are not deleted.
  • If you change the control mode of an instance from Stable Change or Security Collaboration to Flexible Management, you can view logs only for the last seven days. Logs that are generated more than seven days ago might be deleted and cannot be viewed.

Procedure and supported roles

The following table describes the roles that you can assume to use the operation audit feature. It also shows how to go to the Operation Audit tab in the DMS console.
Auditing scope Limit Link to operation audit Supported role
Database You can view and audit only the operations that are performed on the current database.
  • On the SQL Console tab of the database that you want to audit, move the pointer over the 操作审计 icon in the upper-right corner and click Operation Audit.
  • In the left-side navigation pane of the DMS console, click the database instance in which the database that you want to audit resides, right-click the database, and then choose Audit > Operation Audit.
You can be a DMS administrator, a security administrator, a DBA, an instance owner, or a regular user.
Note If you are a regular user, you can view and audit only the operations that you performed on the current database.
Instance You can view and audit only the operations that are performed on the current instance. In the left-side navigation pane of the DMS console, click the database instance in which the database that you want to audit resides, right-click the database, and then choose Audit > Operation Audit. You can be a DMS administrator, a security administrator, a DBA, an instance owner, or a regular user.
Note If you are a regular user, you can view and audit only the operations that you performed on the current instance.
Global You can view and audit all the operations that are performed in DMS. In the top navigation bar of the DMS console, move the pointer over Security and Specifications and click Operation Audit. You can be a DMS administrator, a security administrator, or a DBA.

Download operation records

The following section describes how to download all the SQL statements that are used in the SQL Console in the last month.

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, click Operation Audit.
    Note If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose System > Security > Operation Audit.
  3. Click SQL window list.
  4. Set the Time parameter to Last One Month and click Search.
    Then, the results are displayed.
  5. Click the Download icon icon to download the results.

    The results displayed on the current page are saved as an XLSX file.

    Note To preview and export more results, you can set the Items per page parameter to 100.

Download operation logs

You can download operation logs by calling the GetOpLog operation. For more information, see GetOpLog.