AnalyticDB for MySQL provides the SQL audit feature to log data manipulation language (DML) and data definition language (DDL) operations that are executed in databases in real time. You can retrieve database operation information from audit logs. This improves the security of AnalyticDB for MySQL databases.

Features

  • SQL audit logging

    AnalyticDB for MySQL logs all operations that are performed on databases. You can use audit logs to identify faults, analyze database activities, and audit databases for security purposes. If you require more detailed diagnostics and analysis, go to the Diagnostics and Optimization page in the AnalyticDB for MySQL console.

  • Data search

    You can search data by combining multiple conditions, such as database, client IP address, execution duration, and execution status. You can also export search results.

Enable SQL audit

  1. Log on to the AnalyticDB for MySQL console by your Alibaba Cloud account.
  2. In the upper-left corner of the page, select the region where clusters reside.
  3. In the left-side navigation pane, click Clusters.
  4. On the V3.0 Clusters tab, click the target Cluster ID.
  5. In the left-side navigation pane, click Data Security.
  6. On the Data Security page, click the SQL Audit tab.
  7. On the SQL Audit tab, click Enable SQL Audit in the upper-right corner.
  8. In the dialog box that appears, select Yes and click OK.
    1

Query and export SQL audit logs

  1. Log on to the AnalyticDB for MySQL console by your Alibaba Cloud account.
  2. In the upper-left corner of the page, select the region where clusters reside.
  3. In the left-side navigation pane, click Clusters.
  4. On the V3.0 Clusters tab, click the target Cluster ID.
  5. In the left-side navigation pane, click Data Security.
  6. On the Data Security page, click the SQL Audit tab.
  7. On the SQL Audit tab, query SQL audit logs within a specific period of time based on Operation Type or Execution Status.
    Note
    • You can query SQL audit logs that are generated only within the last 30 days.
    • The time range to query must be within 24 hours. If you want to save SQL audit logs to your computer, click Export Current Page.

Disable SQL audit

Note After SQL audit is disabled, SQL audit logs are cleared. You must query and export SQL audit logs before you disable SQL audit. For more information, see Query and export SQL audit logs. When you enable SQL audit again, audit logs generated from the last time when SQL audit was enabled are available for queries.
  1. Log on to the AnalyticDB for MySQL console by your Alibaba Cloud account.
  2. In the upper-left corner of the page, select the region where clusters reside.
  3. In the left-side navigation pane, click Clusters.
  4. On the V3.0 Clusters tab, click the target Cluster ID.
  5. In the left-side navigation pane, click Data Security.
  6. On the Data Security page, click the SQL Audit tab.
  7. On the SQL Audit tab, click Audit Configuration in the upper-right corner.
  8. In the dialog box that appears, select No and click OK.
    3

Related operations