Audit logs record all user operations on your Lindorm instance and store them in Alibaba Cloud Simple Log Service (SLS). Use audit logs to track data access, investigate security incidents, and meet compliance requirements.
The audit log feature is supported only on Lindorm instances. It is not available on the new version of Lindorm.
Prerequisites
Before you begin, ensure that you have:
A LindormTSDB database engine version of 3.4.25 or later. To check or upgrade your version, see Version guide and Minor version update
If you are using a Resource Access Management (RAM) user account, the AliyunLogFullAccess permission granted to that RAM user. For more information, see Grant permissions to a RAM user
Billing
SLS charges for audit log storage on a pay-as-you-go basis, based on storage space and retention period. For pricing details, see Simple Log Service pricing.Simple Log Service Pricing
Resources created automatically
When you enable the audit log, SLS automatically creates the following resources in the same region as your Lindorm instance:
| Resource | Name format |
|---|---|
| Project | aliyun-product-{Alibaba Cloud account ID}-{Region ID} |
| Dedicated Logstore | lindorm-tsdb-audit-log |
The dedicated Logstore is reserved for audit log data only. Writing other data to it or modifying its indexes is not supported. Queries, statistics, and alerting are available without restriction.
Enable audit logging
Log on to the Lindorm console. In the upper-left corner, select the region of your instance. On the Instances page, click the instance ID or click View Instance Details in the Actions column.
In the left navigation pane, click Time Series Engine, then click the Audit Logs tab.
Turn on the Current Status: switch. In the Audit Logs dialog box, click OK.
What's next
After enabling audit logging, view and query your audit log data in the SLS console. The dedicated Logstore (lindorm-tsdb-audit-log) stores all recorded operations and supports queries, statistics, and alerting.